github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-24 09:48:58 -04:00
Code Issues Projects Releases Packages Wiki Activity

[Security Solution] enabling all expanded flyout Cypress tests (#158979)

Browse source
This commit is contained in:
Philippe Oberti 2023-06-09 20:32:05 -05:00 committed by GitHub
parent 126fbbd7b7
commit d5c429e836
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
49 changed files with 1601 additions and 1408 deletions
Download patch file Download diff file Expand all files Collapse all files

162
x-pack/plugins/security_solution/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel.cy.ts
View file

@ -1,162 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import {
DOCUMENT_DETAILS_FLYOUT_HISTORY_TAB,
DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB,
DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_BUTTON_GROUP,
DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_ENTITIES_BUTTON,
DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_THREAT_INTELLIGENCE_BUTTON,
DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_PREVALENCE_BUTTON,
DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_CORRELATIONS_BUTTON,
DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_ENTITIES_CONTENT,
DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_THREAT_INTELLIGENCE_CONTENT,
DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_PREVALENCE_CONTENT,
DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_CORRELATIONS_CONTENT,
DOCUMENT_DETAILS_FLYOUT_INVESTIGATION_TAB_CONTENT,
DOCUMENT_DETAILS_FLYOUT_INVESTIGATION_TAB,
DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB,
DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_BUTTON_GROUP,
DOCUMENT_DETAILS_FLYOUT_HISTORY_TAB_CONTENT,
DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_SESSION_VIEW_BUTTON,
DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_GRAPH_ANALYZER_BUTTON,
DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_SESSION_VIEW_CONTENT,
DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_GRAPH_ANALYZER_CONTENT,
} from '../../../../screens/document_expandable_flyout';
import {
expandDocumentDetailsExpandableFlyoutLeftSection,
expandFirstAlertExpandableFlyout,
openGraphAnalyzer,
openHistoryTab,
openInsightsTab,
openInvestigationTab,
openSessionView,
openVisualizeTab,
openEntities,
openThreatIntelligence,
openPrevalence,
openCorrelations,
} from '../../../../tasks/document_expandable_flyout';
import { cleanKibana } from '../../../../tasks/common';
import { login, visit } from '../../../../tasks/login';
import { createRule } from '../../../../tasks/api_calls/rules';
import { getNewRule } from '../../../../objects/rule';
import { ALERTS_URL } from '../../../../urls/navigation';
import { waitForAlertsToPopulate } from '../../../../tasks/create_new_rule';
describe(
'Alert details expandable flyout left panel',
{ env: { ftrConfig: { enableExperimental: ['securityFlyoutEnabled'] } } },
() => {
before(() => {
cleanKibana();
createRule(getNewRule());
});
beforeEach(() => {
login();
visit(ALERTS_URL);
waitForAlertsToPopulate();
expandFirstAlertExpandableFlyout();
expandDocumentDetailsExpandableFlyoutLeftSection();
});
it('should display 4 tabs in the header', () => {
cy.get(DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB)
.should('be.visible')
.and('have.text', 'Visualize');
cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB)
.should('be.visible')
.and('have.text', 'Insights');
cy.get(DOCUMENT_DETAILS_FLYOUT_INVESTIGATION_TAB)
.should('be.visible')
.and('have.text', 'Investigation');
cy.get(DOCUMENT_DETAILS_FLYOUT_HISTORY_TAB).should('be.visible').and('have.text', 'History');
});
it.skip('should display tab content when switching tabs', () => {
openVisualizeTab();
cy.get(DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_BUTTON_GROUP).should('be.visible');
openInsightsTab();
cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_BUTTON_GROUP).should('be.visible');
openInvestigationTab();
cy.get(DOCUMENT_DETAILS_FLYOUT_INVESTIGATION_TAB_CONTENT).should('be.visible');
openHistoryTab();
cy.get(DOCUMENT_DETAILS_FLYOUT_HISTORY_TAB_CONTENT).should('be.visible');
});
describe.skip('visualize tab', () => {
it('should display a button group with 2 button in the visualize tab', () => {
openVisualizeTab();
cy.get(DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_SESSION_VIEW_BUTTON)
.should('be.visible')
.and('have.text', 'Session View');
cy.get(DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_GRAPH_ANALYZER_BUTTON)
.should('be.visible')
.and('have.text', 'Analyzer Graph');
});
it('should display content when switching buttons', () => {
openVisualizeTab();
openSessionView();
cy.get(DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_SESSION_VIEW_CONTENT).should('be.visible');
openGraphAnalyzer();
cy.get(DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_GRAPH_ANALYZER_CONTENT).should('be.visible');
});
});
describe.skip('insights tab', () => {
it('should display a button group with 4 button in the insights tab', () => {
openInsightsTab();
cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_ENTITIES_BUTTON)
.should('be.visible')
.and('have.text', 'Entities');
cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_THREAT_INTELLIGENCE_BUTTON)
.should('be.visible')
.and('have.text', 'Threat Intelligence');
cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_PREVALENCE_BUTTON)
.should('be.visible')
.and('have.text', 'Prevalence');
cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_CORRELATIONS_BUTTON)
.should('be.visible')
.and('have.text', 'Correlations');
});
it('should display content when switching buttons', () => {
openInsightsTab();
openEntities();
cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_ENTITIES_CONTENT).should('be.visible');
openThreatIntelligence();
cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_THREAT_INTELLIGENCE_CONTENT)
.should('be.visible')
.and('have.text', 'Threat Intelligence');
openPrevalence();
cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_PREVALENCE_CONTENT)
.should('be.visible')
.and('have.text', 'Prevalence');
openCorrelations();
cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_CORRELATIONS_CONTENT)
.should('be.visible')
.and('have.text', 'Correlations');
});
});
describe.skip('investigation tab', () => {
it('should display investigation guide', () => {
openInvestigationTab();
cy.get(DOCUMENT_DETAILS_FLYOUT_INVESTIGATION_TAB_CONTENT).should('be.visible');
});
});
}
);

37
x-pack/plugins/security_solution/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_analyzer_graph_tab.cy.ts
View file

@ -5,13 +5,18 @@
* 2.0.
*/
import { ANALYZER_NODE } from '../../../../screens/alerts';
import { DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_GRAPH_ANALYZER_CONTENT } from '../../../../screens/document_expandable_flyout';
import {
expandFirstAlertExpandableFlyout,
openGraphAnalyzer,
expandDocumentDetailsExpandableFlyoutLeftSection,
} from '../../../../tasks/document_expandable_flyout';
DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_GRAPH_ANALYZER_BUTTON,
DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_GRAPH_ANALYZER_CONTENT,
} from '../../../../screens/expandable_flyout/alert_details_left_panel_analyzer_graph_tab';
import {
DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB,
DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_BUTTON_GROUP,
} from '../../../../screens/expandable_flyout/alert_details_left_panel';
import { openGraphAnalyzerTab } from '../../../../tasks/expandable_flyout/alert_details_left_panel_analyzer_graph_tab';
import { expandDocumentDetailsExpandableFlyoutLeftSection } from '../../../../tasks/expandable_flyout/alert_details_right_panel';
import { expandFirstAlertExpandableFlyout } from '../../../../tasks/expandable_flyout/common';
import { ANALYZER_NODE } from '../../../../screens/alerts';
import { cleanKibana } from '../../../../tasks/common';
import { login, visit } from '../../../../tasks/login';
import { createRule } from '../../../../tasks/api_calls/rules';
@ -19,13 +24,11 @@ import { getNewRule } from '../../../../objects/rule';
import { ALERTS_URL } from '../../../../urls/navigation';
import { waitForAlertsToPopulate } from '../../../../tasks/create_new_rule';
// Skipping these for now as the feature is protected behind a feature flag set to false by default
// To run the tests locally, add 'securityFlyoutEnabled' in the Cypress config.ts here https://github.com/elastic/kibana/blob/main/x-pack/test/security_solution_cypress/config.ts#L50
describe.skip(
describe(
'Alert details expandable flyout left panel analyzer graph',
{ env: { ftrConfig: { enableExperimental: ['securityFlyoutEnabled'] } } },
() => {
before(() => {
beforeEach(() => {
cleanKibana();
login();
createRule(getNewRule());
@ -33,10 +36,20 @@ describe.skip(
waitForAlertsToPopulate();
expandFirstAlertExpandableFlyout();
expandDocumentDetailsExpandableFlyoutLeftSection();
openGraphAnalyzer();
openGraphAnalyzerTab();
});
it('should display analyzer graph and node list', () => {
it('should display analyzer graph and node list under visualize', () => {
cy.get(DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB)
.should('be.visible')
.and('have.text', 'Visualize');
cy.get(DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_BUTTON_GROUP).should('be.visible');
cy.get(DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_GRAPH_ANALYZER_BUTTON)
.should('be.visible')
.and('have.text', 'Analyzer Graph');
cy.get(DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_GRAPH_ANALYZER_CONTENT).should('be.visible');
cy.get(ANALYZER_NODE).first().should('be.visible');
});

54
x-pack/plugins/security_solution/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_correlations_tab.cy.ts Normal file
View file

@ -0,0 +1,54 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import { createRule } from '../../../../tasks/api_calls/rules';
import { getNewRule } from '../../../../objects/rule';
import { DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_CORRELATIONS_BUTTON } from '../../../../screens/expandable_flyout/alert_details_left_panel_correlations_tab';
import {
DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB,
DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_BUTTON_GROUP,
} from '../../../../screens/expandable_flyout/alert_details_left_panel';
import { openCorrelationsTab } from '../../../../tasks/expandable_flyout/alert_details_left_panel_correlations_tab';
import { openInsightsTab } from '../../../../tasks/expandable_flyout/alert_details_left_panel';
import { expandDocumentDetailsExpandableFlyoutLeftSection } from '../../../../tasks/expandable_flyout/alert_details_right_panel';
import { expandFirstAlertExpandableFlyout } from '../../../../tasks/expandable_flyout/common';
import { cleanKibana } from '../../../../tasks/common';
import { waitForAlertsToPopulate } from '../../../../tasks/create_new_rule';
import { login, visit } from '../../../../tasks/login';
import { ALERTS_URL } from '../../../../urls/navigation';
describe(
'Expandable flyout left panel correlations',
{ env: { ftrConfig: { enableExperimental: ['securityFlyoutEnabled'] } } },
() => {
beforeEach(() => {
cleanKibana();
login();
createRule(getNewRule());
visit(ALERTS_URL);
waitForAlertsToPopulate();
expandFirstAlertExpandableFlyout();
expandDocumentDetailsExpandableFlyoutLeftSection();
openInsightsTab();
openCorrelationsTab();
});
it('should serialize its state to url', () => {
cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB)
.should('be.visible')
.and('have.text', 'Insights');
cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_BUTTON_GROUP).should('be.visible');
cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_CORRELATIONS_BUTTON)
.should('be.visible')
.and('have.text', 'Correlations');
// TODO actual test
});
}
);

50
x-pack/plugins/security_solution/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_entities_tab.cy.ts
View file

@ -6,15 +6,18 @@
*/
import {
DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_USER_DETAILS,
DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_ENTITIES_BUTTON,
DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_HOST_DETAILS,
} from '../../../../screens/document_expandable_flyout';
DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_USER_DETAILS,
} from '../../../../screens/expandable_flyout/alert_details_left_panel_entities_tab';
import {
expandFirstAlertExpandableFlyout,
openInsightsTab,
openEntities,
expandDocumentDetailsExpandableFlyoutLeftSection,
} from '../../../../tasks/document_expandable_flyout';
DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB,
DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_BUTTON_GROUP,
} from '../../../../screens/expandable_flyout/alert_details_left_panel';
import { openEntitiesTab } from '../../../../tasks/expandable_flyout/alert_details_left_panel_entities_tab';
import { openInsightsTab } from '../../../../tasks/expandable_flyout/alert_details_left_panel';
import { expandDocumentDetailsExpandableFlyoutLeftSection } from '../../../../tasks/expandable_flyout/alert_details_right_panel';
import { expandFirstAlertExpandableFlyout } from '../../../../tasks/expandable_flyout/common';
import { cleanKibana } from '../../../../tasks/common';
import { login, visit } from '../../../../tasks/login';
import { createRule } from '../../../../tasks/api_calls/rules';
@ -22,13 +25,11 @@ import { getNewRule } from '../../../../objects/rule';
import { ALERTS_URL } from '../../../../urls/navigation';
import { waitForAlertsToPopulate } from '../../../../tasks/create_new_rule';
// Skipping these for now as the feature is protected behind a feature flag set to false by default
// To run the tests locally, add 'securityFlyoutEnabled' in the Cypress config.ts here https://github.com/elastic/kibana/blob/main/x-pack/test/security_solution_cypress/config.ts#L50
describe.skip(
describe(
'Alert details expandable flyout left panel entities',
{ env: { ftrConfig: { enableExperimental: ['securityFlyoutEnabled'] } } },
() => {
before(() => {
beforeEach(() => {
cleanKibana();
login();
createRule(getNewRule());
@ -37,18 +38,25 @@ describe.skip(
expandFirstAlertExpandableFlyout();
expandDocumentDetailsExpandableFlyoutLeftSection();
openInsightsTab();
openEntities();
openEntitiesTab();
});
it('should display analyzer graph and node list', () => {
// eslint-disable-next-line cypress/unsafe-to-chain-command
cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_USER_DETAILS)
.scrollIntoView()
.should('be.visible');
// eslint-disable-next-line cypress/unsafe-to-chain-command
cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_HOST_DETAILS)
.scrollIntoView()
.should('be.visible');
it('should display analyzer graph and node list under Insights Entities', () => {
cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB)
.should('be.visible')
.and('have.text', 'Insights');
cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_BUTTON_GROUP).should('be.visible');
cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_ENTITIES_BUTTON)
.should('be.visible')
.and('have.text', 'Entities');
cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_HOST_DETAILS).scrollIntoView();
cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_HOST_DETAILS).should('be.visible');
cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_USER_DETAILS).scrollIntoView();
cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_USER_DETAILS).should('be.visible');
});
}
);

45
x-pack/plugins/security_solution/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_investigation_tab.cy.ts Normal file
View file

@ -0,0 +1,45 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import {
DOCUMENT_DETAILS_FLYOUT_INVESTIGATION_TAB,
DOCUMENT_DETAILS_FLYOUT_INVESTIGATION_TAB_CONTENT,
} from '../../../../screens/expandable_flyout/alert_details_left_panel_investigation_tab';
import { openInvestigationTab } from '../../../../tasks/expandable_flyout/alert_details_left_panel_investigation_tab';
import { expandDocumentDetailsExpandableFlyoutLeftSection } from '../../../../tasks/expandable_flyout/alert_details_right_panel';
import { expandFirstAlertExpandableFlyout } from '../../../../tasks/expandable_flyout/common';
import { cleanKibana } from '../../../../tasks/common';
import { login, visit } from '../../../../tasks/login';
import { createRule } from '../../../../tasks/api_calls/rules';
import { getNewRule } from '../../../../objects/rule';
import { ALERTS_URL } from '../../../../urls/navigation';
import { waitForAlertsToPopulate } from '../../../../tasks/create_new_rule';
describe(
'Alert details expandable flyout left panel investigation',
{ env: { ftrConfig: { enableExperimental: ['securityFlyoutEnabled'] } } },
() => {
beforeEach(() => {
cleanKibana();
login();
createRule(getNewRule());
visit(ALERTS_URL);
waitForAlertsToPopulate();
expandFirstAlertExpandableFlyout();
expandDocumentDetailsExpandableFlyoutLeftSection();
openInvestigationTab();
});
it('should display investigation guide', () => {
cy.get(DOCUMENT_DETAILS_FLYOUT_INVESTIGATION_TAB)
.should('be.visible')
.and('have.text', 'Investigation');
cy.get(DOCUMENT_DETAILS_FLYOUT_INVESTIGATION_TAB_CONTENT).should('be.visible');
});
}
);

54
x-pack/plugins/security_solution/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_prevalence_tab.cy.ts Normal file
View file

@ -0,0 +1,54 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import { createRule } from '../../../../tasks/api_calls/rules';
import { getNewRule } from '../../../../objects/rule';
import { DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_PREVALENCE_BUTTON } from '../../../../screens/expandable_flyout/alert_details_left_panel_prevalence_tab';
import {
DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB,
DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_BUTTON_GROUP,
} from '../../../../screens/expandable_flyout/alert_details_left_panel';
import { openPrevalenceTab } from '../../../../tasks/expandable_flyout/alert_details_left_panel_prevalence_tab';
import { openInsightsTab } from '../../../../tasks/expandable_flyout/alert_details_left_panel';
import { expandDocumentDetailsExpandableFlyoutLeftSection } from '../../../../tasks/expandable_flyout/alert_details_right_panel';
import { expandFirstAlertExpandableFlyout } from '../../../../tasks/expandable_flyout/common';
import { cleanKibana } from '../../../../tasks/common';
import { waitForAlertsToPopulate } from '../../../../tasks/create_new_rule';
import { login, visit } from '../../../../tasks/login';
import { ALERTS_URL } from '../../../../urls/navigation';
describe(
'Expandable flyout left panel prevalence',
{ env: { ftrConfig: { enableExperimental: ['securityFlyoutEnabled'] } } },
() => {
beforeEach(() => {
cleanKibana();
login();
createRule(getNewRule());
visit(ALERTS_URL);
waitForAlertsToPopulate();
expandFirstAlertExpandableFlyout();
expandDocumentDetailsExpandableFlyoutLeftSection();
openInsightsTab();
openPrevalenceTab();
});
it('should show prevalence table', () => {
cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB)
.should('be.visible')
.and('have.text', 'Insights');
cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_BUTTON_GROUP).should('be.visible');
cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_PREVALENCE_BUTTON)
.should('be.visible')
.and('have.text', 'Prevalence');
// TODO actual test
});
}
);

40
x-pack/plugins/security_solution/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_session_view_tab.cy.ts
View file

@ -5,11 +5,16 @@
* 2.0.
*/
import { DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_SESSION_VIEW_NO_DATA } from '../../../../screens/document_expandable_flyout';
import {
expandFirstAlertExpandableFlyout,
expandDocumentDetailsExpandableFlyoutLeftSection,
} from '../../../../tasks/document_expandable_flyout';
DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_SESSION_VIEW_BUTTON,
DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_SESSION_VIEW_ERROR,
} from '../../../../screens/expandable_flyout/alert_details_left_panel_session_view_tab';
import {
DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB,
DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_BUTTON_GROUP,
} from '../../../../screens/expandable_flyout/alert_details_left_panel';
import { expandDocumentDetailsExpandableFlyoutLeftSection } from '../../../../tasks/expandable_flyout/alert_details_right_panel';
import { expandFirstAlertExpandableFlyout } from '../../../../tasks/expandable_flyout/common';
import { cleanKibana } from '../../../../tasks/common';
import { login, visit } from '../../../../tasks/login';
import { createRule } from '../../../../tasks/api_calls/rules';
@ -17,13 +22,11 @@ import { getNewRule } from '../../../../objects/rule';
import { ALERTS_URL } from '../../../../urls/navigation';
import { waitForAlertsToPopulate } from '../../../../tasks/create_new_rule';
// Skipping these for now as the feature is protected behind a feature flag set to false by default
// To run the tests locally, add 'securityFlyoutEnabled' in the Cypress config.ts here https://github.com/elastic/kibana/blob/main/x-pack/test/security_solution_cypress/config.ts#L50
describe.skip(
describe(
'Alert details expandable flyout left panel session view',
{ env: { ftrConfig: { enableExperimental: ['securityFlyoutEnabled'] } } },
() => {
before(() => {
beforeEach(() => {
cleanKibana();
login();
createRule(getNewRule());
@ -33,13 +36,22 @@ describe.skip(
expandDocumentDetailsExpandableFlyoutLeftSection();
});
it('should display session view no data message', () => {
cy.get(DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_SESSION_VIEW_NO_DATA)
it('should display session view under visualize', () => {
cy.get(DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB)
.should('be.visible')
.and('contain.text', 'No data to render')
.and('contain.text', 'No process events found for this query');
});
.and('have.text', 'Visualize');
// it('should display session view component', () => {});
cy.get(DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_BUTTON_GROUP).should('be.visible');
cy.get(DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_SESSION_VIEW_BUTTON)
.should('be.visible')
.and('have.text', 'Session View');
// TODO ideally we would have a test for the session view component instead
cy.get(DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_SESSION_VIEW_ERROR)
.should('be.visible')
.and('contain.text', 'Unable to display session view')
.and('contain.text', 'There was an error displaying session view');
});
}
);

35
x-pack/plugins/security_solution/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_left_panel_threat_intelligence_tab.cy.ts
View file

@ -5,28 +5,51 @@
* 2.0.
*/
import { createRule } from '../../../../tasks/api_calls/rules';
import { getNewRule } from '../../../../objects/rule';
import { expandDocumentDetailsExpandableFlyoutLeftSection } from '../../../../tasks/expandable_flyout/alert_details_right_panel';
import { expandFirstAlertExpandableFlyout } from '../../../../tasks/expandable_flyout/common';
import { INDICATOR_MATCH_ENRICHMENT_SECTION } from '../../../../screens/alerts_details';
import { cleanKibana } from '../../../../tasks/common';
import { waitForAlertsToPopulate } from '../../../../tasks/create_new_rule';
import { expandFirstAlertExpandableFlyout } from '../../../../tasks/document_expandable_flyout';
import { login, visit } from '../../../../tasks/login';
import { ALERTS_URL } from '../../../../urls/navigation';
import { openInsightsTab } from '../../../../tasks/expandable_flyout/alert_details_left_panel';
import { openThreatIntelligenceTab } from '../../../../tasks/expandable_flyout/alert_details_left_panel_threat_intelligence_tab';
import {
DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB,
DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_BUTTON_GROUP,
} from '../../../../screens/expandable_flyout/alert_details_left_panel';
import { DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_THREAT_INTELLIGENCE_BUTTON } from '../../../../screens/expandable_flyout/alert_details_left_panel_threat_intelligence_tab';
// Skipping these for now as the feature is protected behind a feature flag set to false by default
// To run the tests locally, add 'securityFlyoutEnabled' in the Cypress config.ts here https://github.com/elastic/kibana/blob/main/x-pack/test/security_solution_cypress/config.ts#L50
describe.skip(
describe(
'Expandable flyout left panel threat intelligence',
{ env: { ftrConfig: { enableExperimental: ['securityFlyoutEnabled'] } } },
() => {
before(() => {
beforeEach(() => {
cleanKibana();
login();
createRule(getNewRule());
visit(ALERTS_URL);
waitForAlertsToPopulate();
expandFirstAlertExpandableFlyout();
expandDocumentDetailsExpandableFlyoutLeftSection();
openInsightsTab();
openThreatIntelligenceTab();
});
it('should serialize its state to url', () => {
cy.url().should('include', 'eventFlyout');
cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB)
.should('be.visible')
.and('have.text', 'Insights');
cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_BUTTON_GROUP).should('be.visible');
cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_THREAT_INTELLIGENCE_BUTTON)
.should('be.visible')
.and('have.text', 'Threat Intelligence');
cy.get(INDICATOR_MATCH_ENRICHMENT_SECTION).should('be.visible');
});
}
);

213
x-pack/plugins/security_solution/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_right_panel.cy.ts
View file

@ -5,26 +5,57 @@
* 2.0.
*/
import { upperFirst } from 'lodash';
import {
DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_TO_NEW_CASE_CREATE_BUTTON,
DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_TO_NEW_CASE_DESCRIPTION_INPUT,
DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_TO_NEW_CASE_NAME_INPUT,
EXISTING_CASE_SELECT_BUTTON,
VIEW_CASE_TOASTER_LINK,
} from '../../../../screens/expandable_flyout/common';
import {
createNewCaseFromCases,
expandFirstAlertExpandableFlyout,
navigateToAlertsPage,
navigateToCasesPage,
} from '../../../../tasks/expandable_flyout/common';
import { ALERT_CHECKBOX } from '../../../../screens/alerts';
import { CASE_DETAILS_PAGE_TITLE } from '../../../../screens/case_details';
import {
DOCUMENT_DETAILS_FLYOUT_COLLAPSE_DETAILS_BUTTON,
DOCUMENT_DETAILS_FLYOUT_EXPAND_DETAILS_BUTTON,
DOCUMENT_DETAILS_FLYOUT_FOOTER,
DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_ENDPOINT_EXCEPTION,
DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_MARK_AS_ACKNOWLEDGED,
DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_RULE_EXCEPTION,
DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_RULE_EXCEPTION_FLYOUT_CANCEL_BUTTON,
DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_RULE_EXCEPTION_FLYOUT_HEADER,
DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_TO_EXISTING_CASE,
DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_TO_NEW_CASE,
DOCUMENT_DETAILS_FLYOUT_FOOTER_INVESTIGATE_IN_TIMELINE,
DOCUMENT_DETAILS_FLYOUT_FOOTER_INVESTIGATE_IN_TIMELINE_ENTRY,
DOCUMENT_DETAILS_FLYOUT_FOOTER_INVESTIGATE_IN_TIMELINE_SECTION,
DOCUMENT_DETAILS_FLYOUT_FOOTER_MARK_AS_CLOSED,
DOCUMENT_DETAILS_FLYOUT_FOOTER_RESPOND,
DOCUMENT_DETAILS_FLYOUT_FOOTER_TAKE_ACTION_BUTTON,
DOCUMENT_DETAILS_FLYOUT_HEADER_RISK_SCORE,
DOCUMENT_DETAILS_FLYOUT_HEADER_RISK_SCORE_VALUE,
DOCUMENT_DETAILS_FLYOUT_HEADER_SEVERITY,
DOCUMENT_DETAILS_FLYOUT_HEADER_SEVERITY_VALUE,
DOCUMENT_DETAILS_FLYOUT_HEADER_TITLE,
DOCUMENT_DETAILS_FLYOUT_JSON_TAB,
DOCUMENT_DETAILS_FLYOUT_JSON_TAB_CONTENT,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB,
DOCUMENT_DETAILS_FLYOUT_TABLE_TAB,
DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_CONTENT,
DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_EVENT_TYPE_ROW,
} from '../../../../screens/document_expandable_flyout';
} from '../../../../screens/expandable_flyout/alert_details_right_panel';
import {
collapseDocumentDetailsExpandableFlyoutLeftSection,
expandDocumentDetailsExpandableFlyoutLeftSection,
expandFirstAlertExpandableFlyout,
openJsonTab,
openOverviewTab,
openTableTab,
scrollWithinDocumentDetailsExpandableFlyoutRightSection,
} from '../../../../tasks/document_expandable_flyout';
openTakeActionButton,
openTakeActionButtonAndSelectItem,
selectTakeActionItem,
} from '../../../../tasks/expandable_flyout/alert_details_right_panel';
import { cleanKibana } from '../../../../tasks/common';
import { login, visit } from '../../../../tasks/login';
import { createRule } from '../../../../tasks/api_calls/rules';
@ -32,28 +63,47 @@ import { getNewRule } from '../../../../objects/rule';
import { ALERTS_URL } from '../../../../urls/navigation';
import { waitForAlertsToPopulate } from '../../../../tasks/create_new_rule';
// Skipping these for now as the feature is protected behind a feature flag set to false by default
// To run the tests locally, add 'securityFlyoutEnabled' in the Cypress config.ts here https://github.com/elastic/kibana/blob/main/x-pack/test/security_solution_cypress/config.ts#L50
describe.skip(
describe(
'Alert details expandable flyout right panel',
{ env: { ftrConfig: { enableExperimental: ['securityFlyoutEnabled'] } } },
() => {
const rule = getNewRule();
before(() => {
beforeEach(() => {
cleanKibana();
login();
createRule(rule);
visit(ALERTS_URL);
waitForAlertsToPopulate();
});
it('should display header and footer basics', () => {
expandFirstAlertExpandableFlyout();
});
it('should display title in the header', () => {
cy.get(DOCUMENT_DETAILS_FLYOUT_HEADER_TITLE).should('be.visible').and('have.text', rule.name);
});
it('should toggle expand detail button in the header', () => {
cy.get(DOCUMENT_DETAILS_FLYOUT_HEADER_TITLE).should('be.visible').and('have.text', rule.name);
cy.get(DOCUMENT_DETAILS_FLYOUT_HEADER_RISK_SCORE).should('be.visible');
cy.get(DOCUMENT_DETAILS_FLYOUT_HEADER_RISK_SCORE_VALUE)
.should('be.visible')
.and('have.text', rule.risk_score);
cy.get(DOCUMENT_DETAILS_FLYOUT_HEADER_SEVERITY).should('be.visible');
cy.get(DOCUMENT_DETAILS_FLYOUT_HEADER_SEVERITY_VALUE)
.should('be.visible')
.and('have.text', upperFirst(rule.severity));
cy.log('Verify all 3 tabs are visible');
cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB)
.should('be.visible')
.and('have.text', 'Overview');
cy.get(DOCUMENT_DETAILS_FLYOUT_TABLE_TAB).should('be.visible').and('have.text', 'Table');
cy.get(DOCUMENT_DETAILS_FLYOUT_JSON_TAB).should('be.visible').and('have.text', 'JSON');
cy.log('Verify the expand/collapse button is visible and functionality works');
expandDocumentDetailsExpandableFlyoutLeftSection();
cy.get(DOCUMENT_DETAILS_FLYOUT_COLLAPSE_DETAILS_BUTTON)
.should('be.visible')
@ -63,34 +113,121 @@ describe.skip(
cy.get(DOCUMENT_DETAILS_FLYOUT_EXPAND_DETAILS_BUTTON)
.should('be.visible')
.and('have.text', 'Expand alert details');
});
it('should display 3 tabs in the right section', () => {
cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB)
.should('be.visible')
.and('have.text', 'Overview');
cy.get(DOCUMENT_DETAILS_FLYOUT_TABLE_TAB).should('be.visible').and('have.text', 'Table');
cy.get(DOCUMENT_DETAILS_FLYOUT_JSON_TAB).should('be.visible').and('have.text', 'JSON');
});
cy.log('Verify the take action button is visible on all tabs');
it('should display tab content when switching tabs in the right section', () => {
openOverviewTab();
// we shouldn't need to test anything here as it's covered with the new overview_tab file
cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER).scrollIntoView();
cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER).should('be.visible');
cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_TAKE_ACTION_BUTTON).should('be.visible');
openTableTab();
// the table component is rendered within a dom element with overflow, so Cypress isn't finding it
// this next line is a hack that scrolls to a specific element in the table to ensure Cypress finds it
cy.get(DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_EVENT_TYPE_ROW).scrollIntoView();
cy.get(DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_CONTENT).should('be.visible');
// scroll back up to the top to open the json tab
cy.get(DOCUMENT_DETAILS_FLYOUT_JSON_TAB).scrollIntoView();
cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER).scrollIntoView();
cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER).should('be.visible');
cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_TAKE_ACTION_BUTTON).should('be.visible');
openJsonTab();
// the json component is rendered within a dom element with overflow, so Cypress isn't finding it
// this next line is a hack that vertically scrolls down to ensure Cypress finds it
scrollWithinDocumentDetailsExpandableFlyoutRightSection(0, 6500);
cy.get(DOCUMENT_DETAILS_FLYOUT_JSON_TAB_CONTENT).should('be.visible');
cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER).scrollIntoView();
cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER).should('be.visible');
cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_TAKE_ACTION_BUTTON).should('be.visible');
});
// TODO this will change when add to existing case is improved
// https://github.com/elastic/security-team/issues/6298
it('should add to existing case', () => {
navigateToCasesPage();
createNewCaseFromCases();
cy.get(CASE_DETAILS_PAGE_TITLE).should('be.visible').and('have.text', 'case');
navigateToAlertsPage();
expandFirstAlertExpandableFlyout();
openTakeActionButtonAndSelectItem(DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_TO_EXISTING_CASE);
cy.get(EXISTING_CASE_SELECT_BUTTON).should('be.visible').contains('Select').click();
cy.get(VIEW_CASE_TOASTER_LINK).should('be.visible').and('contain.text', 'View case');
});
// TODO this will change when add to new case is improved
// https://github.com/elastic/security-team/issues/6298
it('should add to new case', () => {
expandFirstAlertExpandableFlyout();
openTakeActionButtonAndSelectItem(DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_TO_NEW_CASE);
cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_TO_NEW_CASE_NAME_INPUT).type('case');
cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_TO_NEW_CASE_DESCRIPTION_INPUT).type(
'case description'
);
cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_TO_NEW_CASE_CREATE_BUTTON).click();
cy.get(VIEW_CASE_TOASTER_LINK).should('be.visible').and('contain.text', 'View case');
});
it('should mark as acknowledged', () => {
cy.get(ALERT_CHECKBOX).should('have.length', 2);
expandFirstAlertExpandableFlyout();
openTakeActionButtonAndSelectItem(DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_MARK_AS_ACKNOWLEDGED);
// TODO figure out how to verify the toasts pops up
// cy.get(KIBANA_TOAST)
// .should('be.visible')
// .and('have.text', 'Successfully marked 1 alert as acknowledged.');
cy.get(ALERT_CHECKBOX).should('have.length', 1);
});
it('should mark as closed', () => {
cy.get(ALERT_CHECKBOX).should('have.length', 2);
expandFirstAlertExpandableFlyout();
openTakeActionButtonAndSelectItem(DOCUMENT_DETAILS_FLYOUT_FOOTER_MARK_AS_CLOSED);
// TODO figure out how to verify the toasts pops up
// cy.get(KIBANA_TOAST).should('be.visible').and('have.text', 'Successfully closed 1 alert.');
cy.get(ALERT_CHECKBOX).should('have.length', 1);
});
// these actions are now grouped together as we're not really testing their functionality but just the existence of the option in the dropdown
it('should test other action within take action dropdown', () => {
expandFirstAlertExpandableFlyout();
cy.log('should add endpoint exception');
// TODO figure out why this option is disabled in Cypress but not running the app locally
// https://github.com/elastic/security-team/issues/6300
openTakeActionButton();
cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_ENDPOINT_EXCEPTION).should('be.disabled');
cy.log('should add rule exception');
// TODO this isn't fully testing the add rule exception yet
// https://github.com/elastic/security-team/issues/6301
selectTakeActionItem(DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_RULE_EXCEPTION);
cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_RULE_EXCEPTION_FLYOUT_HEADER).should('be.visible');
cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_RULE_EXCEPTION_FLYOUT_CANCEL_BUTTON)
.should('be.visible')
.click();
// cy.log('should isolate host');
// TODO figure out why isolate host isn't showing up in the dropdown
// https://github.com/elastic/security-team/issues/6302
// openTakeActionButton();
// cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_ISOLATE_HOST).should('be.visible');
cy.log('should respond');
// TODO this will change when respond is improved
// https://github.com/elastic/security-team/issues/6303
openTakeActionButton();
cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_RESPOND).should('be.disabled');
cy.log('should investigate in timeline');
selectTakeActionItem(DOCUMENT_DETAILS_FLYOUT_FOOTER_INVESTIGATE_IN_TIMELINE);
cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_INVESTIGATE_IN_TIMELINE_SECTION)
.first()
.within(() =>
cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_INVESTIGATE_IN_TIMELINE_ENTRY).should('be.visible')
);
});
}
);

194
x-pack/plugins/security_solution/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_right_panel_footer.cy.ts
View file

@ -1,194 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
/* eslint-disable cypress/unsafe-to-chain-command */
import {
CASE_ACTION_WRAPPER,
CASE_ELLIPSE_BUTTON,
CASE_ELLIPSE_DELETE_CASE_CONFIRMATION_BUTTON,
CASE_ELLIPSE_DELETE_CASE_OPTION,
CREATE_CASE_BUTTON,
DOCUMENT_DETAILS_FLYOUT_FOOTER,
DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_ENDPOINT_EXCEPTION,
DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_MARK_AS_ACKNOWLEDGED,
DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_RULE_EXCEPTION,
DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_RULE_EXCEPTION_FLYOUT_CANCEL_BUTTON,
DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_RULE_EXCEPTION_FLYOUT_HEADER,
DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_TO_EXISTING_CASE,
DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_TO_NEW_CASE,
DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_TO_NEW_CASE_CREATE_BUTTON,
DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_TO_NEW_CASE_DESCRIPTION_INPUT,
DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_TO_NEW_CASE_NAME_INPUT,
DOCUMENT_DETAILS_FLYOUT_FOOTER_INVESTIGATE_IN_TIMELINE,
DOCUMENT_DETAILS_FLYOUT_FOOTER_INVESTIGATE_IN_TIMELINE_ENTRY,
DOCUMENT_DETAILS_FLYOUT_FOOTER_INVESTIGATE_IN_TIMELINE_SECTION,
DOCUMENT_DETAILS_FLYOUT_FOOTER_MARK_AS_CLOSED,
DOCUMENT_DETAILS_FLYOUT_FOOTER_RESPOND,
DOCUMENT_DETAILS_FLYOUT_FOOTER_TAKE_ACTION_BUTTON,
EXISTING_CASE_SELECT_BUTTON,
KIBANA_TOAST,
NEW_CASE_CREATE_BUTTON,
NEW_CASE_DESCRIPTION_INPUT,
NEW_CASE_NAME_INPUT,
VIEW_CASE_TOASTER_LINK,
} from '../../../../screens/document_expandable_flyout';
import {
expandFirstAlertExpandableFlyout,
navigateToAlertsPage,
navigateToCasesPage,
openJsonTab,
openOverviewTab,
openTableTab,
openTakeActionButton,
openTakeActionButtonAndSelectItem,
} from '../../../../tasks/document_expandable_flyout';
import { cleanKibana } from '../../../../tasks/common';
import { login, visit } from '../../../../tasks/login';
import { createRule } from '../../../../tasks/api_calls/rules';
import { getNewRule } from '../../../../objects/rule';
import { ALERTS_URL } from '../../../../urls/navigation';
import { waitForAlertsToPopulate } from '../../../../tasks/create_new_rule';
const createNewCaseFromCases = () => {
navigateToCasesPage();
cy.get(CREATE_CASE_BUTTON).should('be.visible').click();
cy.get(NEW_CASE_NAME_INPUT).should('be.visible').click().type('case');
cy.get(NEW_CASE_DESCRIPTION_INPUT).should('be.visible').click().type('case description');
cy.get(NEW_CASE_CREATE_BUTTON).should('be.visible').click();
};
const deleteCase = () => {
cy.get(CASE_ACTION_WRAPPER).find(CASE_ELLIPSE_BUTTON).should('be.visible').click();
cy.get(CASE_ELLIPSE_DELETE_CASE_OPTION).should('be.visible').click();
cy.get(CASE_ELLIPSE_DELETE_CASE_CONFIRMATION_BUTTON).should('be.visible').click();
};
// Skipping these for now as the feature is protected behind a feature flag set to false by default
// To run the tests locally, add 'securityFlyoutEnabled' in the Cypress config.ts here https://github.com/elastic/kibana/blob/main/x-pack/test/security_solution_cypress/config.ts#L50
describe.skip(
'Alert details expandable flyout right panel footer',
{ env: { ftrConfig: { enableExperimental: ['securityFlyoutEnabled'] } } },
() => {
before(() => {
cleanKibana();
login();
createRule(getNewRule());
visit(ALERTS_URL);
waitForAlertsToPopulate();
expandFirstAlertExpandableFlyout();
});
it('should display footer take action button on all tabs', () => {
openOverviewTab();
cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER).scrollIntoView().should('be.visible');
cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_TAKE_ACTION_BUTTON).should('be.visible');
openTableTab();
cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER).scrollIntoView().should('be.visible');
cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_TAKE_ACTION_BUTTON).should('be.visible');
openJsonTab();
cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER).scrollIntoView().should('be.visible');
cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_TAKE_ACTION_BUTTON).should('be.visible');
// reset state for next test
openOverviewTab();
});
// TODO this will change when add to existing case is improved
// https://github.com/elastic/security-team/issues/6298
it('should add to existing case', () => {
createNewCaseFromCases();
navigateToAlertsPage();
waitForAlertsToPopulate();
expandFirstAlertExpandableFlyout();
openTakeActionButtonAndSelectItem(DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_TO_EXISTING_CASE);
cy.get(EXISTING_CASE_SELECT_BUTTON).should('be.visible').contains('Select').click();
cy.get(VIEW_CASE_TOASTER_LINK).click();
deleteCase();
// navigate back to alert page and reopen flyout for next test
navigateToAlertsPage();
waitForAlertsToPopulate();
expandFirstAlertExpandableFlyout();
});
// TODO this will change when add to new case is improved
// https://github.com/elastic/security-team/issues/6298
it('should add to new case', () => {
openTakeActionButtonAndSelectItem(DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_TO_NEW_CASE);
cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_TO_NEW_CASE_NAME_INPUT).type('case');
cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_TO_NEW_CASE_DESCRIPTION_INPUT).type(
'case description'
);
cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_TO_NEW_CASE_CREATE_BUTTON).click();
cy.get(VIEW_CASE_TOASTER_LINK).click();
deleteCase();
// navigate back to alert page and reopen flyout for next test
navigateToAlertsPage();
waitForAlertsToPopulate();
expandFirstAlertExpandableFlyout();
});
// TODO figure out how to properly test the result and recreate the alert for the next tests
it.skip('should mark as acknowledged', () => {
openTakeActionButtonAndSelectItem(DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_MARK_AS_ACKNOWLEDGED);
cy.get(KIBANA_TOAST)
// .should('be.visible')
.and('have.text', 'Successfully marked 1 alert as acknowledged.');
});
// TODO figure out how to properly test the result and recreate the alert for the next tests
it.skip('should mark as closed', () => {
openTakeActionButtonAndSelectItem(DOCUMENT_DETAILS_FLYOUT_FOOTER_MARK_AS_CLOSED);
cy.get(KIBANA_TOAST).should('be.visible').and('have.text', 'Successfully closed 1 alert.');
});
// TODO figure out why this option is disabled in Cypress but not running the app locally
// https://github.com/elastic/security-team/issues/6300
it('should add endpoint exception', () => {
openTakeActionButton();
cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_ENDPOINT_EXCEPTION).should('be.disabled');
});
// TODO this isn't fully testing the add rule exception yet
// https://github.com/elastic/security-team/issues/6301
it('should add rule exception', () => {
openTakeActionButtonAndSelectItem(DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_RULE_EXCEPTION);
cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_RULE_EXCEPTION_FLYOUT_HEADER).should('be.visible');
cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_RULE_EXCEPTION_FLYOUT_CANCEL_BUTTON)
.should('be.visible')
.click();
});
// TODO figure out why isolate host isn't showing up in the dropdown
// https://github.com/elastic/security-team/issues/6302
// it.skip('should isolate host', () => {});
// TODO this will change when respond is improved
// https://github.com/elastic/security-team/issues/6303
it('should respond', () => {
openTakeActionButton();
cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_RESPOND).should('be.disabled');
});
it('should investigate in timeline', () => {
openTakeActionButtonAndSelectItem(DOCUMENT_DETAILS_FLYOUT_FOOTER_INVESTIGATE_IN_TIMELINE);
cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_INVESTIGATE_IN_TIMELINE_SECTION)
.first()
.within(() =>
cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_INVESTIGATE_IN_TIMELINE_ENTRY).should('be.visible')
);
});
}
);

61
x-pack/plugins/security_solution/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_right_panel_header.cy.ts
View file

@ -1,61 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import { upperFirst } from 'lodash';
import {
DOCUMENT_DETAILS_OVERVIEW_TAB_HEADER_RISK_SCORE,
DOCUMENT_DETAILS_OVERVIEW_TAB_HEADER_RISK_SCORE_VALUE,
DOCUMENT_DETAILS_OVERVIEW_TAB_HEADER_SEVERITY,
DOCUMENT_DETAILS_OVERVIEW_TAB_HEADER_SEVERITY_VALUE,
DOCUMENT_DETAILS_OVERVIEW_TAB_HEADER_TITLE,
} from '../../../../screens/document_expandable_flyout';
import { expandFirstAlertExpandableFlyout } from '../../../../tasks/document_expandable_flyout';
import { cleanKibana } from '../../../../tasks/common';
import { login, visit } from '../../../../tasks/login';
import { createRule } from '../../../../tasks/api_calls/rules';
import { getNewRule } from '../../../../objects/rule';
import { ALERTS_URL } from '../../../../urls/navigation';
import { waitForAlertsToPopulate } from '../../../../tasks/create_new_rule';
// Skipping these for now as the feature is protected behind a feature flag set to false by default
// To run the tests locally, add 'securityFlyoutEnabled' in the Cypress config.ts here https://github.com/elastic/kibana/blob/main/x-pack/test/security_solution_cypress/config.ts#L50
describe.skip(
'Alert details expandable flyout right panel header',
{ env: { ftrConfig: { enableExperimental: ['securityFlyoutEnabled'] } } },
() => {
const rule = getNewRule();
before(() => {
cleanKibana();
login();
createRule(rule);
visit(ALERTS_URL);
waitForAlertsToPopulate();
expandFirstAlertExpandableFlyout();
});
it('should display correct title in header', () => {
cy.get(DOCUMENT_DETAILS_OVERVIEW_TAB_HEADER_TITLE)
.should('be.visible')
.and('have.text', rule.name);
});
it('should display risk score in header', () => {
cy.get(DOCUMENT_DETAILS_OVERVIEW_TAB_HEADER_RISK_SCORE).should('be.visible');
cy.get(DOCUMENT_DETAILS_OVERVIEW_TAB_HEADER_RISK_SCORE_VALUE)
.should('be.visible')
.and('have.text', rule.risk_score);
});
it('should display severity in header', () => {
cy.get(DOCUMENT_DETAILS_OVERVIEW_TAB_HEADER_SEVERITY).should('be.visible');
cy.get(DOCUMENT_DETAILS_OVERVIEW_TAB_HEADER_SEVERITY_VALUE)
.should('be.visible')
.and('have.text', upperFirst(rule.severity));
});
}
);

40
x-pack/plugins/security_solution/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_right_panel_json_tab.cy.ts Normal file
View file

@ -0,0 +1,40 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import { scrollWithinDocumentDetailsExpandableFlyoutRightSection } from '../../../../tasks/expandable_flyout/alert_details_right_panel_json_tab';
import { openJsonTab } from '../../../../tasks/expandable_flyout/alert_details_right_panel';
import { expandFirstAlertExpandableFlyout } from '../../../../tasks/expandable_flyout/common';
import { DOCUMENT_DETAILS_FLYOUT_JSON_TAB_CONTENT } from '../../../../screens/expandable_flyout/alert_details_right_panel_json_tab';
import { cleanKibana } from '../../../../tasks/common';
import { login, visit } from '../../../../tasks/login';
import { createRule } from '../../../../tasks/api_calls/rules';
import { getNewRule } from '../../../../objects/rule';
import { ALERTS_URL } from '../../../../urls/navigation';
import { waitForAlertsToPopulate } from '../../../../tasks/create_new_rule';
describe(
'Alert details expandable flyout right panel json tab',
{ env: { ftrConfig: { enableExperimental: ['securityFlyoutEnabled'] } } },
() => {
beforeEach(() => {
cleanKibana();
login();
createRule(getNewRule());
visit(ALERTS_URL);
waitForAlertsToPopulate();
expandFirstAlertExpandableFlyout();
openJsonTab();
});
it('should display the json component', () => {
// the json component is rendered within a dom element with overflow, so Cypress isn't finding it
// this next line is a hack that vertically scrolls down to ensure Cypress finds it
scrollWithinDocumentDetailsExpandableFlyoutRightSection(0, 7000);
cy.get(DOCUMENT_DETAILS_FLYOUT_JSON_TAB_CONTENT).should('be.visible');
});
}
);

252
x-pack/plugins/security_solution/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_right_panel_overview_tab.cy.ts
View file

@ -5,90 +5,97 @@
* 2.0.
*/
/* eslint-disable cypress/unsafe-to-chain-command */
import { DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_TO_NEW_CASE } from '../../../../screens/expandable_flyout/alert_details_right_panel';
import { DOCUMENT_DETAILS_FLYOUT_INVESTIGATION_TAB_CONTENT } from '../../../../screens/expandable_flyout/alert_details_left_panel_investigation_tab';
import {
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_MITRE_ATTACK_DETAILS,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_MITRE_ATTACK_TITLE,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_HIGHLIGHTED_FIELDS_DETAILS,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_HIGHLIGHTED_FIELDS_GO_TO_TABLE_LINK,
DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_CONTENT,
DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_EVENT_TYPE_ROW,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_HIGHLIGHTED_FIELDS_HEADER_TITLE,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INVESTIGATION_SECTION_HEADER,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INVESTIGATION_SECTION_CONTENT,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_DESCRIPTION_SECTION_HEADER,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_DESCRIPTION_SECTION_CONTENT,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_REASON_TITLE,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_DESCRIPTION_TITLE,
DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_TO_NEW_CASE_CREATE_BUTTON,
DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_TO_NEW_CASE_DESCRIPTION_INPUT,
DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_TO_NEW_CASE_NAME_INPUT,
} from '../../../../screens/expandable_flyout/common';
import { expandFirstAlertExpandableFlyout } from '../../../../tasks/expandable_flyout/common';
import {
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_ANALYZER_TREE,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_DESCRIPTION_DETAILS,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_DESCRIPTION_EXPAND_BUTTON,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_REASON_DETAILS,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_ENTITIES_HEADER,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_DESCRIPTION_SECTION_CONTENT,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_DESCRIPTION_SECTION_HEADER,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_DESCRIPTION_TITLE,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_HIGHLIGHTED_FIELDS_DETAILS,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_HIGHLIGHTED_FIELDS_GO_TO_TABLE_LINK,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_HIGHLIGHTED_FIELDS_HEADER_TITLE,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_CORRELATIONS_CONTENT,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_CORRELATIONS_HEADER,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_CORRELATIONS_VALUES,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_ENTITIES_CONTENT,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_ENTITY_PANEL_HEADER,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_ENTITIES_HEADER,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_ENTITY_PANEL_CONTENT,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_VIEW_ALL_ENTITIES_BUTTON,
DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_ENTITIES_CONTENT,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_ANALYZER_TREE,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_THREAT_INTELLIGENCE_HEADER,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_ENTITY_PANEL_HEADER,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_PREVALENCE_CONTENT,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_PREVALENCE_HEADER,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_PREVALENCE_VALUES,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_THREAT_INTELLIGENCE_CONTENT,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_THREAT_INTELLIGENCE_HEADER,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_THREAT_INTELLIGENCE_VALUES,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INVESTIGATION_GUIDE_BUTTON,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_CORRELATIONS_HEADER,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_CORRELATIONS_CONTENT,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_CORRELATIONS_VALUES,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_CORRELATIONS_VIEW_ALL_BUTTON,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_PREVALENCE_HEADER,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_PREVALENCE_CONTENT,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_PREVALENCE_VALUES,
} from '../../../../screens/document_expandable_flyout';
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INVESTIGATION_SECTION_CONTENT,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INVESTIGATION_SECTION_HEADER,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_MITRE_ATTACK_DETAILS,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_MITRE_ATTACK_TITLE,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_REASON_DETAILS,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_REASON_TITLE,
} from '../../../../screens/expandable_flyout/alert_details_right_panel_overview_tab';
import {
expandFirstAlertExpandableFlyout,
openOverviewTab,
toggleOverviewTabDescriptionSection,
toggleOverviewTabInvestigationSection,
toggleOverviewTabInsightsSection,
toggleOverviewTabVisualizationsSection,
clickThreatIntelligenceViewAllButton,
clickCorrelationsViewAllButton,
clickEntitiesViewAllButton,
clickInvestigationGuideButton,
clickPrevalenceViewAllButton,
} from '../../../../tasks/document_expandable_flyout';
clickThreatIntelligenceViewAllButton,
toggleOverviewTabDescriptionSection,
toggleOverviewTabInsightsSection,
toggleOverviewTabInvestigationSection,
toggleOverviewTabVisualizationsSection,
} from '../../../../tasks/expandable_flyout/alert_details_right_panel_overview_tab';
import { cleanKibana } from '../../../../tasks/common';
import { login, visit } from '../../../../tasks/login';
import { createRule } from '../../../../tasks/api_calls/rules';
import { getNewRule } from '../../../../objects/rule';
import { ALERTS_URL } from '../../../../urls/navigation';
import { waitForAlertsToPopulate } from '../../../../tasks/create_new_rule';
import { openTakeActionButtonAndSelectItem } from '../../../../tasks/expandable_flyout/alert_details_right_panel';
import {
DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_CONTENT,
DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_EVENT_TYPE_ROW,
} from '../../../../screens/expandable_flyout/alert_details_right_panel_table_tab';
import { DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_ENTITIES_CONTENT } from '../../../../screens/expandable_flyout/alert_details_left_panel_entities_tab';
// Skipping these for now as the feature is protected behind a feature flag set to false by default
// To run the tests locally, add 'securityFlyoutEnabled' in the Cypress config.ts here https://github.com/elastic/kibana/blob/main/x-pack/test/security_solution_cypress/config.ts#L50
describe.skip(
describe(
'Alert details expandable flyout right panel overview tab',
{ env: { ftrConfig: { enableExperimental: ['securityFlyoutEnabled'] } } },
() => {
const rule = getNewRule();
before(() => {
beforeEach(() => {
cleanKibana();
login();
createRule(rule);
visit(ALERTS_URL);
waitForAlertsToPopulate();
expandFirstAlertExpandableFlyout();
openOverviewTab();
});
describe('description section', () => {
it('should display description section header and content', () => {
it('should display description section', () => {
cy.log('header and content');
cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_DESCRIPTION_SECTION_HEADER)
.should('be.visible')
.and('have.text', 'Description');
cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_DESCRIPTION_SECTION_CONTENT).should(
'be.visible'
);
});
it('should display document description and expand button', () => {
cy.log('expand button');
cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_DESCRIPTION_TITLE)
.should('be.visible')
.and('have.text', 'Rule description');
@ -103,18 +110,18 @@ describe.skip(
'have.text',
'Collapse'
);
});
it('should display reason', () => {
cy.log('reason');
cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_REASON_TITLE)
.should('be.visible')
.and('have.text', 'Alert reason');
cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_REASON_DETAILS)
.should('be.visible')
.and('contain.text', rule.name);
});
it('should display mitre attack', () => {
cy.log('mitre attack');
cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_MITRE_ATTACK_TITLE)
.should('be.visible')
// @ts-ignore
@ -130,36 +137,42 @@ describe.skip(
});
describe('investigation section', () => {
before(() => {
it('should display investigation section', () => {
toggleOverviewTabDescriptionSection();
toggleOverviewTabInvestigationSection();
});
it('should display description section header and content', () => {
cy.log('header and content');
cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INVESTIGATION_SECTION_HEADER)
.should('be.visible')
.and('have.text', 'Investigation');
cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INVESTIGATION_SECTION_CONTENT).should(
'be.visible'
);
});
it('should display investigation guide button', () => {
cy.log('investigation guide button');
cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INVESTIGATION_GUIDE_BUTTON)
.should('be.visible')
.and('have.text', 'Investigation guide');
});
it('should display highlighted fields', () => {
cy.log('should navigate to left Investigation tab');
clickInvestigationGuideButton();
cy.get(DOCUMENT_DETAILS_FLYOUT_INVESTIGATION_TAB_CONTENT).scrollIntoView();
cy.get(DOCUMENT_DETAILS_FLYOUT_INVESTIGATION_TAB_CONTENT).should('be.visible');
cy.log('highlighted fields');
cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_HIGHLIGHTED_FIELDS_HEADER_TITLE)
.should('be.visible')
.and('have.text', 'Highlighted fields');
cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_HIGHLIGHTED_FIELDS_DETAILS).should(
'be.visible'
);
});
it('should navigate to table tab when clicking on highlighted fields view button', () => {
cy.log('navigate to table tab when clicking on highlighted fields view button');
cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_HIGHLIGHTED_FIELDS_GO_TO_TABLE_LINK)
.should('be.visible')
.click();
@ -169,21 +182,18 @@ describe.skip(
// (in the middle of it vertically) to ensure Cypress finds it
cy.get(DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_EVENT_TYPE_ROW).scrollIntoView();
cy.get(DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_CONTENT).should('be.visible');
// go back to Overview tab to reset view for next test
openOverviewTab();
});
});
describe('insights section', () => {
before(() => {
it('should display entities section', () => {
toggleOverviewTabDescriptionSection();
toggleOverviewTabInsightsSection();
});
it('should display entities section', () => {
cy.log('header and content');
cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_ENTITIES_HEADER).scrollIntoView();
cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_ENTITIES_HEADER)
.scrollIntoView()
.should('be.visible')
.and('have.text', 'Entities');
cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_ENTITIES_CONTENT).should('be.visible');
@ -193,21 +203,28 @@ describe.skip(
cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_ENTITY_PANEL_CONTENT).should(
'be.visible'
);
});
it('should navigate to left panel, entities tab when view all entities is clicked', () => {
cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_VIEW_ALL_ENTITIES_BUTTON)
.should('be.visible')
.click();
cy.log('should navigate to left panel Entities tab');
clickEntitiesViewAllButton();
cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_ENTITIES_CONTENT).should('be.visible');
});
// TODO work on getting proper IoC data to make the threat intelligence section work here
it.skip('should display threat intelligence section', () => {
it('should display threat intelligence section', () => {
toggleOverviewTabDescriptionSection();
toggleOverviewTabInsightsSection();
cy.log('header and content');
cy.get(
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_THREAT_INTELLIGENCE_HEADER
).scrollIntoView();
cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_THREAT_INTELLIGENCE_HEADER)
.scrollIntoView()
.should('be.visible')
.and('have.text', 'Threat Intelligence');
cy.get(
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_THREAT_INTELLIGENCE_CONTENT
).scrollIntoView();
cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_THREAT_INTELLIGENCE_CONTENT)
.should('be.visible')
.within(() => {
@ -215,70 +232,81 @@ describe.skip(
cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_THREAT_INTELLIGENCE_VALUES)
.eq(0)
.should('be.visible')
.and('have.text', '1 threat match detected'); // TODO
.and('have.text', '0 threat match detected'); // TODO work on getting proper IoC data to get proper data here
// field with threat enrichement
cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_THREAT_INTELLIGENCE_VALUES)
.eq(1)
.should('be.visible')
.and('have.text', '1 field enriched with threat intelligence'); // TODO
.and('have.text', '0 field enriched with threat intelligence'); // TODO work on getting proper IoC data to get proper data here
});
});
// TODO work on getting proper IoC data to make the threat intelligence section work here
// and improve when we can navigate Threat Intelligence to sub tab directly
it.skip('should navigate to left panel, entities tab when view all fields of threat intelligence is clicked', () => {
cy.log('should navigate to left panel Threat Intelligence tab');
clickThreatIntelligenceViewAllButton();
cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_ENTITIES_CONTENT).should('be.visible');
cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_ENTITIES_CONTENT).should('be.visible'); // TODO update when we can navigate to Threat Intelligence sub tab directly
});
// TODO work on getting proper data to display in the cases, ancestry, session and source event sections
it.skip('should display correlations section', () => {
it('should display correlations section', () => {
cy.log('link the alert to a new case');
openTakeActionButtonAndSelectItem(DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_TO_NEW_CASE);
cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_TO_NEW_CASE_NAME_INPUT).type('case');
cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_TO_NEW_CASE_DESCRIPTION_INPUT).type(
'case description'
);
cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_TO_NEW_CASE_CREATE_BUTTON).click();
toggleOverviewTabDescriptionSection();
toggleOverviewTabInsightsSection();
cy.log('header and content');
cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_CORRELATIONS_HEADER).scrollIntoView();
cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_CORRELATIONS_HEADER)
.scrollIntoView()
.should('be.visible')
.and('have.text', 'Correlations');
cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_CORRELATIONS_CONTENT).scrollIntoView();
cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_CORRELATIONS_CONTENT)
.should('be.visible')
.within(() => {
// threat match detected
cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_CORRELATIONS_VALUES)
.eq(0)
.should('be.visible')
.and('have.text', '1 related case'); // TODO
// field with threat enrichement
.and('have.text', '1 related case');
cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_CORRELATIONS_VALUES)
.eq(1)
.should('be.visible')
.and('have.text', '1 alert related by ancestry'); // TODO
.and('have.text', '1 alert related by ancestry');
// cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_CORRELATIONS_VALUES)
// .eq(2)
// .should('be.visible')
// .and('have.text', '1 alert related by the same source event'); // TODO work on getting proper data to display some same source data here
cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_CORRELATIONS_VALUES)
.eq(1)
.eq(2)
.should('be.visible')
.and('have.text', '1 alert related by the same source event'); // TODO
cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_CORRELATIONS_VALUES)
.eq(1)
.should('be.visible')
.and('have.text', '1 alert related by session'); // TODO
.and('have.text', '1 alert related by session');
});
});
// TODO work on getting proper data to display in the cases, ancestry, session and source event sections
// and improve when we can navigate Correlations to sub tab directly
it.skip('should navigate to left panel, entities tab when view all fields of correlations is clicked', () => {
cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_CORRELATIONS_VIEW_ALL_BUTTON)
.should('be.visible')
.click();
cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_ENTITIES_CONTENT).should('be.visible');
cy.log('should navigate to left panel Correlations tab');
clickCorrelationsViewAllButton();
cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_ENTITIES_CONTENT).should('be.visible'); // TODO update when we can navigate to Correlations sub tab directly
});
// TODO work on getting proper data to make the prevalence section work here
// we need to generate enough data to have at least one field with prevalence
it.skip('should display prevalence section', () => {
toggleOverviewTabDescriptionSection();
toggleOverviewTabInsightsSection();
cy.log('header and content');
cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_PREVALENCE_HEADER).scrollIntoView();
cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_PREVALENCE_HEADER)
.scrollIntoView()
.should('be.visible')
.and('have.text', 'Prevalence');
cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_PREVALENCE_CONTENT).scrollIntoView();
cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_PREVALENCE_CONTENT)
.should('be.visible')
.within(() => {
@ -286,23 +314,19 @@ describe.skip(
.should('be.visible')
.and('have.text', 'is uncommon');
});
});
// TODO work on getting proper data to make the prevalence section work here
// we need to generate enough data to have at least one field with prevalence
it.skip('should navigate to left panel, entities tab when view all fields of prevalence is clicked', () => {
cy.log('should navigate to left panel Prevalence tab');
clickPrevalenceViewAllButton();
cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_ENTITIES_CONTENT).should('be.visible');
cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_ENTITIES_CONTENT).should('be.visible'); // TODO update when we can navigate to Prevalence sub tab directly
});
});
describe('visualizations section', () => {
before(() => {
toggleOverviewTabInsightsSection();
toggleOverviewTabVisualizationsSection();
});
it('should display analyzer preview', () => {
toggleOverviewTabDescriptionSection();
toggleOverviewTabVisualizationsSection();
cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_ANALYZER_TREE).scrollIntoView();
cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_ANALYZER_TREE).should('be.visible');
});
});

32
x-pack/plugins/security_solution/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_right_panel_table_tab.cy.ts
View file

@ -5,6 +5,8 @@
* 2.0.
*/
import { openTableTab } from '../../../../tasks/expandable_flyout/alert_details_right_panel';
import { expandFirstAlertExpandableFlyout } from '../../../../tasks/expandable_flyout/common';
import { closeTimeline, openActiveTimeline } from '../../../../tasks/timeline';
import { PROVIDER_BADGE } from '../../../../screens/timeline';
import { removeKqlFilter } from '../../../../tasks/search_bar';
@ -13,17 +15,15 @@ import {
DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_ID_ROW,
DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_ROW_CELL_COPY_TO_CLIPBOARD,
DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_TIMESTAMP_ROW,
} from '../../../../screens/document_expandable_flyout';
} from '../../../../screens/expandable_flyout/alert_details_right_panel_table_tab';
import {
addToTimelineTableTabTable,
clearFilterTableTabTable,
copyToClipboardTableTabTable,
expandFirstAlertExpandableFlyout,
filterInTableTabTable,
filterOutTableTabTable,
filterTableTabTable,
openTableTab,
} from '../../../../tasks/document_expandable_flyout';
} from '../../../../tasks/expandable_flyout/alert_details_right_panel_table_tab';
import { cleanKibana } from '../../../../tasks/common';
import { login, visit } from '../../../../tasks/login';
import { createRule } from '../../../../tasks/api_calls/rules';
@ -31,13 +31,11 @@ import { getNewRule } from '../../../../objects/rule';
import { ALERTS_URL } from '../../../../urls/navigation';
import { waitForAlertsToPopulate } from '../../../../tasks/create_new_rule';
// Skipping these for now as the feature is protected behind a feature flag set to false by default
// To run the tests locally, add 'securityFlyoutEnabled' in the Cypress config.ts here https://github.com/elastic/kibana/blob/main/x-pack/test/security_solution_cypress/config.ts#L50
describe.skip(
'Alert details expandable flyout right panel',
describe(
'Alert details expandable flyout right panel table tab',
{ env: { ftrConfig: { enableExperimental: ['securityFlyoutEnabled'] } } },
() => {
before(() => {
beforeEach(() => {
cleanKibana();
login();
createRule(getNewRule());
@ -55,26 +53,28 @@ describe.skip(
clearFilterTableTabTable();
});
it('should test filter in cell actions', () => {
it('should test cell actions', () => {
cy.log('cell actions filter in');
filterInTableTabTable();
cy.get(FILTER_BADGE).first().should('contain.text', '@timestamp:');
removeKqlFilter();
});
it('should test filter out cell actions', () => {
cy.log('cell actions filter out');
filterOutTableTabTable();
cy.get(FILTER_BADGE).first().should('contain.text', 'NOT @timestamp:');
removeKqlFilter();
});
it('should test add to timeline cell actions', () => {
cy.log('cell actions add to timeline');
addToTimelineTableTabTable();
openActiveTimeline();
cy.get(PROVIDER_BADGE).first().should('contain.text', '@timestamp');
closeTimeline();
});
it('should test copy to clipboard cell actions', () => {
cy.log('cell actions copy to clipboard');
copyToClipboardTableTabTable();
cy.get(DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_ROW_CELL_COPY_TO_CLIPBOARD).should('be.visible');
});

38
x-pack/plugins/security_solution/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_url_sync.cy.ts
View file

@ -8,50 +8,48 @@
import { getNewRule } from '../../../../objects/rule';
import { cleanKibana } from '../../../../tasks/common';
import { waitForAlertsToPopulate } from '../../../../tasks/create_new_rule';
import { expandFirstAlertExpandableFlyout } from '../../../../tasks/document_expandable_flyout';
import { login, visit } from '../../../../tasks/login';
import { createRule } from '../../../../tasks/api_calls/rules';
import { ALERTS_URL } from '../../../../urls/navigation';
import {
DOCUMENT_DETAILS_FLYOUT_CLOSE_BUTTON,
DOCUMENT_DETAILS_FLYOUT_HEADER_TITLE,
} from '../../../../screens/document_expandable_flyout';
import { closeFlyout } from '../../../../tasks/expandable_flyout/alert_details_right_panel';
import { expandFirstAlertExpandableFlyout } from '../../../../tasks/expandable_flyout/common';
import { DOCUMENT_DETAILS_FLYOUT_HEADER_TITLE } from '../../../../screens/expandable_flyout/alert_details_right_panel';
// Skipping these for now as the feature is protected behind a feature flag set to false by default
// To run the tests locally, add 'securityFlyoutEnabled' in the Cypress config.ts here https://github.com/elastic/kibana/blob/main/x-pack/test/security_solution_cypress/config.ts#L50
describe.skip(
describe(
'Expandable flyout state sync',
{ env: { ftrConfig: { enableExperimental: ['securityFlyoutEnabled'] } } },
() => {
const rule = getNewRule();
before(() => {
beforeEach(() => {
cleanKibana();
login();
createRule(rule);
visit(ALERTS_URL);
waitForAlertsToPopulate();
});
it('should test flyout url sync', () => {
cy.url().should('not.include', 'eventFlyout');
expandFirstAlertExpandableFlyout();
});
it('should serialize its state to url', () => {
cy.url().should('include', 'eventFlyout');
cy.get(DOCUMENT_DETAILS_FLYOUT_HEADER_TITLE).should('be.visible').and('have.text', rule.name);
});
it('should reopen the flyout after browser refresh', () => {
cy.reload();
cy.log('should serialize its state to url');
cy.url().should('include', 'eventFlyout');
cy.get(DOCUMENT_DETAILS_FLYOUT_HEADER_TITLE).should('be.visible').and('have.text', rule.name);
});
it('should clear the url state when flyout is closed', () => {
cy.log('should reopen the flyout after browser refresh');
cy.reload();
waitForAlertsToPopulate();
cy.url().should('include', 'eventFlyout');
cy.get(DOCUMENT_DETAILS_FLYOUT_HEADER_TITLE).should('be.visible').and('have.text', rule.name);
cy.get(DOCUMENT_DETAILS_FLYOUT_CLOSE_BUTTON).click();
cy.log('should clear the url state when flyout is closed');
closeFlyout();
cy.url().should('not.include', 'eventFlyout');
});

386
x-pack/plugins/security_solution/cypress/screens/document_expandable_flyout.ts
View file

@ -1,386 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import {
ANALYZER_GRAPH_TEST_ID,
SESSION_VIEW_TEST_ID,
ENTITIES_DETAILS_TEST_ID,
THREAT_INTELLIGENCE_DETAILS_TEST_ID,
PREVALENCE_DETAILS_TEST_ID,
CORRELATIONS_DETAILS_TEST_ID,
USER_DETAILS_TEST_ID,
HOST_DETAILS_TEST_ID,
} from '../../public/flyout/left/components/test_ids';
import {
HISTORY_TAB_CONTENT_TEST_ID,
INVESTIGATION_TAB_CONTENT_TEST_ID,
INSIGHTS_TAB_BUTTON_GROUP_TEST_ID,
INSIGHTS_TAB_ENTITIES_BUTTON_TEST_ID,
INSIGHTS_TAB_THREAT_INTELLIGENCE_BUTTON_TEST_ID,
INSIGHTS_TAB_PREVALENCE_BUTTON_TEST_ID,
INSIGHTS_TAB_CORRELATIONS_BUTTON_TEST_ID,
VISUALIZE_TAB_BUTTON_GROUP_TEST_ID,
VISUALIZE_TAB_GRAPH_ANALYZER_BUTTON_TEST_ID,
VISUALIZE_TAB_SESSION_VIEW_BUTTON_TEST_ID,
} from '../../public/flyout/left/tabs/test_ids';
import {
HISTORY_TAB_TEST_ID,
INSIGHTS_TAB_TEST_ID,
INVESTIGATION_TAB_TEST_ID,
VISUALIZE_TAB_TEST_ID,
} from '../../public/flyout/left/test_ids';
import {
FLYOUT_BODY_TEST_ID,
JSON_TAB_TEST_ID,
OVERVIEW_TAB_TEST_ID,
TABLE_TAB_TEST_ID,
} from '../../public/flyout/right/test_ids';
import {
JSON_TAB_CONTENT_TEST_ID,
TABLE_TAB_CONTENT_TEST_ID,
} from '../../public/flyout/right/tabs/test_ids';
import {
COLLAPSE_DETAILS_BUTTON_TEST_ID,
DESCRIPTION_DETAILS_TEST_ID,
DESCRIPTION_EXPAND_BUTTON_TEST_ID,
DESCRIPTION_SECTION_CONTENT_TEST_ID,
DESCRIPTION_SECTION_HEADER_TEST_ID,
DESCRIPTION_TITLE_TEST_ID,
EXPAND_DETAILS_BUTTON_TEST_ID,
FLYOUT_HEADER_RISK_SCORE_TITLE_TEST_ID,
FLYOUT_HEADER_RISK_SCORE_VALUE_TEST_ID,
FLYOUT_HEADER_SEVERITY_TITLE_TEST_ID,
FLYOUT_HEADER_SEVERITY_VALUE_TEST_ID,
FLYOUT_HEADER_TITLE_TEST_ID,
HIGHLIGHTED_FIELDS_DETAILS_TEST_ID,
HIGHLIGHTED_FIELDS_GO_TO_TABLE_LINK,
HIGHLIGHTED_FIELDS_HEADER_EXPAND_ICON_TEST_ID,
HIGHLIGHTED_FIELDS_TEST_ID,
HIGHLIGHTED_FIELDS_TITLE_TEST_ID,
INVESTIGATION_SECTION_CONTENT_TEST_ID,
INVESTIGATION_SECTION_HEADER_TEST_ID,
MITRE_ATTACK_DETAILS_TEST_ID,
MITRE_ATTACK_TITLE_TEST_ID,
REASON_DETAILS_TEST_ID,
REASON_TITLE_TEST_ID,
INSIGHTS_HEADER_TEST_ID,
ENTITIES_HEADER_TEST_ID,
ENTITIES_CONTENT_TEST_ID,
ENTITY_PANEL_HEADER_TEST_ID,
ENTITY_PANEL_CONTENT_TEST_ID,
ENTITIES_VIEW_ALL_BUTTON_TEST_ID,
VISUALIZATIONS_SECTION_HEADER_TEST_ID,
ANALYZER_TREE_TEST_ID,
INSIGHTS_THREAT_INTELLIGENCE_VALUE_TEST_ID,
INSIGHTS_THREAT_INTELLIGENCE_VIEW_ALL_BUTTON_TEST_ID,
INSIGHTS_THREAT_INTELLIGENCE_TITLE_TEST_ID,
INSIGHTS_THREAT_INTELLIGENCE_CONTENT_TEST_ID,
INVESTIGATION_GUIDE_BUTTON_TEST_ID,
INSIGHTS_CORRELATIONS_TITLE_TEST_ID,
INSIGHTS_CORRELATIONS_CONTENT_TEST_ID,
INSIGHTS_CORRELATIONS_VALUE_TEST_ID,
INSIGHTS_CORRELATIONS_VIEW_ALL_BUTTON_TEST_ID,
INSIGHTS_PREVALENCE_TITLE_TEST_ID,
INSIGHTS_PREVALENCE_CONTENT_TEST_ID,
INSIGHTS_PREVALENCE_VALUE_TEST_ID,
INSIGHTS_PREVALENCE_VIEW_ALL_BUTTON_TEST_ID,
} from '../../public/flyout/right/components/test_ids';
import {
getClassSelector,
getDataTestSubjectSelector,
getDataTestSubjectSelectorStartWith,
} from '../helpers/common';
/* Kibana */
export const KIBANA_NAVBAR_ALERTS_PAGE = getDataTestSubjectSelector(
'solutionSideNavItemLink-alerts'
);
export const KIBANA_NAVBAR_CASES_PAGE = getDataTestSubjectSelector('solutionSideNavItemLink-cases');
export const KIBANA_TOAST = getDataTestSubjectSelector('globalToastList');
/* Right section */
export const DOCUMENT_DETAILS_FLYOUT_BODY = getDataTestSubjectSelector(FLYOUT_BODY_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_HEADER_TITLE = getDataTestSubjectSelector(
FLYOUT_HEADER_TITLE_TEST_ID
);
export const DOCUMENT_DETAILS_FLYOUT_EXPAND_DETAILS_BUTTON = getDataTestSubjectSelector(
EXPAND_DETAILS_BUTTON_TEST_ID
);
export const DOCUMENT_DETAILS_FLYOUT_COLLAPSE_DETAILS_BUTTON = getDataTestSubjectSelector(
COLLAPSE_DETAILS_BUTTON_TEST_ID
);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB =
getDataTestSubjectSelector(OVERVIEW_TAB_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_TABLE_TAB = getDataTestSubjectSelector(TABLE_TAB_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_JSON_TAB = getDataTestSubjectSelector(JSON_TAB_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_CONTENT =
getDataTestSubjectSelector(TABLE_TAB_CONTENT_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_JSON_TAB_CONTENT =
getDataTestSubjectSelector(JSON_TAB_CONTENT_TEST_ID);
/* Left section */
export const DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB =
getDataTestSubjectSelector(VISUALIZE_TAB_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB =
getDataTestSubjectSelector(INSIGHTS_TAB_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_INVESTIGATION_TAB =
getDataTestSubjectSelector(INVESTIGATION_TAB_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_HISTORY_TAB = getDataTestSubjectSelector(HISTORY_TAB_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_INVESTIGATION_TAB_CONTENT = getDataTestSubjectSelector(
INVESTIGATION_TAB_CONTENT_TEST_ID
);
export const DOCUMENT_DETAILS_FLYOUT_HISTORY_TAB_CONTENT = getDataTestSubjectSelector(
HISTORY_TAB_CONTENT_TEST_ID
);
/* Left Section - Visualize tab */
export const DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_BUTTON_GROUP = getDataTestSubjectSelector(
VISUALIZE_TAB_BUTTON_GROUP_TEST_ID
);
export const DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_SESSION_VIEW_BUTTON = getDataTestSubjectSelector(
VISUALIZE_TAB_SESSION_VIEW_BUTTON_TEST_ID
);
export const DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_SESSION_VIEW_CONTENT =
getDataTestSubjectSelector(SESSION_VIEW_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_SESSION_VIEW_NO_DATA =
getDataTestSubjectSelector('sessionView:sessionViewProcessEventsEmpty');
export const DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_GRAPH_ANALYZER_BUTTON =
getDataTestSubjectSelector(VISUALIZE_TAB_GRAPH_ANALYZER_BUTTON_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_GRAPH_ANALYZER_CONTENT =
getDataTestSubjectSelector(ANALYZER_GRAPH_TEST_ID);
/* Left Section - Insights tab */
export const DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_BUTTON_GROUP = getDataTestSubjectSelector(
INSIGHTS_TAB_BUTTON_GROUP_TEST_ID
);
export const DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_ENTITIES_BUTTON = getDataTestSubjectSelector(
INSIGHTS_TAB_ENTITIES_BUTTON_TEST_ID
);
export const DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_ENTITIES_CONTENT =
getDataTestSubjectSelector(ENTITIES_DETAILS_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_USER_DETAILS =
getDataTestSubjectSelector(USER_DETAILS_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_HOST_DETAILS =
getDataTestSubjectSelector(HOST_DETAILS_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_THREAT_INTELLIGENCE_BUTTON =
getDataTestSubjectSelector(INSIGHTS_TAB_THREAT_INTELLIGENCE_BUTTON_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_THREAT_INTELLIGENCE_CONTENT =
getDataTestSubjectSelector(THREAT_INTELLIGENCE_DETAILS_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_PREVALENCE_BUTTON = getDataTestSubjectSelector(
INSIGHTS_TAB_PREVALENCE_BUTTON_TEST_ID
);
export const DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_PREVALENCE_CONTENT = getDataTestSubjectSelector(
PREVALENCE_DETAILS_TEST_ID
);
export const DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_CORRELATIONS_BUTTON = getDataTestSubjectSelector(
INSIGHTS_TAB_CORRELATIONS_BUTTON_TEST_ID
);
export const DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_CORRELATIONS_CONTENT = getDataTestSubjectSelector(
CORRELATIONS_DETAILS_TEST_ID
);
/* Footer */
export const DOCUMENT_DETAILS_FLYOUT_FOOTER = getDataTestSubjectSelector(
'side-panel-flyout-footer'
);
export const DOCUMENT_DETAILS_FLYOUT_FOOTER_TAKE_ACTION_BUTTON = getDataTestSubjectSelector(
'take-action-dropdown-btn'
);
export const DOCUMENT_DETAILS_FLYOUT_FOOTER_TAKE_ACTION_BUTTON_DROPDOWN =
getDataTestSubjectSelector('takeActionPanelMenu');
export const DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_TO_EXISTING_CASE = getDataTestSubjectSelector(
'add-to-existing-case-action'
);
export const CREATE_CASE_BUTTON = `[data-test-subj="createNewCaseBtn"]`;
export const NEW_CASE_NAME_INPUT = `[data-test-subj="input"][aria-describedby="caseTitle"]`;
export const NEW_CASE_DESCRIPTION_INPUT = getDataTestSubjectSelector('euiMarkdownEditorTextArea');
export const NEW_CASE_CREATE_BUTTON = getDataTestSubjectSelector('create-case-submit');
export const EXISTING_CASE_SELECT_BUTTON =
getDataTestSubjectSelectorStartWith('cases-table-row-select-');
export const DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_TO_NEW_CASE =
getDataTestSubjectSelector('add-to-new-case-action');
export const DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_TO_NEW_CASE_NAME_INPUT = NEW_CASE_NAME_INPUT;
export const DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_TO_NEW_CASE_DESCRIPTION_INPUT =
NEW_CASE_DESCRIPTION_INPUT;
export const DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_TO_NEW_CASE_CREATE_BUTTON = NEW_CASE_CREATE_BUTTON;
export const VIEW_CASE_TOASTER_LINK = getDataTestSubjectSelector('toaster-content-case-view-link');
export const CASE_ACTION_WRAPPER = getDataTestSubjectSelector('case-action-bar-wrapper');
export const CASE_ELLIPSE_BUTTON = getDataTestSubjectSelector('property-actions-case-ellipses');
export const CASE_ELLIPSE_DELETE_CASE_OPTION = getDataTestSubjectSelector(
'property-actions-case-trash'
);
export const CASE_ELLIPSE_DELETE_CASE_CONFIRMATION_BUTTON = getDataTestSubjectSelector(
'confirmModalConfirmButton'
);
export const DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_MARK_AS_ACKNOWLEDGED = getDataTestSubjectSelector(
'acknowledged-alert-status'
);
export const DOCUMENT_DETAILS_FLYOUT_FOOTER_MARK_AS_CLOSED =
getDataTestSubjectSelector('close-alert-status');
export const DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_ENDPOINT_EXCEPTION = getDataTestSubjectSelector(
'add-endpoint-exception-menu-item'
);
export const DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_RULE_EXCEPTION =
getDataTestSubjectSelector('add-exception-menu-item');
export const DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_RULE_EXCEPTION_FLYOUT_HEADER =
getDataTestSubjectSelector('exceptionFlyoutTitle');
export const DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_RULE_EXCEPTION_FLYOUT_CANCEL_BUTTON =
getDataTestSubjectSelector('cancelExceptionAddButton');
export const DOCUMENT_DETAILS_FLYOUT_FOOTER_RESPOND = getDataTestSubjectSelector(
'endpointResponseActions-action-item'
);
export const DOCUMENT_DETAILS_FLYOUT_FOOTER_INVESTIGATE_IN_TIMELINE = getDataTestSubjectSelector(
'investigate-in-timeline-action-item'
);
export const DOCUMENT_DETAILS_FLYOUT_FOOTER_INVESTIGATE_IN_TIMELINE_SECTION =
getDataTestSubjectSelector('timelineHeader');
export const DOCUMENT_DETAILS_FLYOUT_FOOTER_INVESTIGATE_IN_TIMELINE_ENTRY =
getDataTestSubjectSelector('providerContainer');
/* Overview tab */
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_DESCRIPTION_SECTION_HEADER =
getDataTestSubjectSelector(DESCRIPTION_SECTION_HEADER_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_DESCRIPTION_SECTION_CONTENT =
getDataTestSubjectSelector(DESCRIPTION_SECTION_CONTENT_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_DESCRIPTION_TITLE =
getDataTestSubjectSelector(DESCRIPTION_TITLE_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_DESCRIPTION_DETAILS = getDataTestSubjectSelector(
DESCRIPTION_DETAILS_TEST_ID
);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_DESCRIPTION_EXPAND_BUTTON =
getDataTestSubjectSelector(DESCRIPTION_EXPAND_BUTTON_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_REASON_TITLE =
getDataTestSubjectSelector(REASON_TITLE_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_REASON_DETAILS =
getDataTestSubjectSelector(REASON_DETAILS_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_MITRE_ATTACK_TITLE = getDataTestSubjectSelector(
MITRE_ATTACK_TITLE_TEST_ID
);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_MITRE_ATTACK_DETAILS = getDataTestSubjectSelector(
MITRE_ATTACK_DETAILS_TEST_ID
);
export const DOCUMENT_DETAILS_OVERVIEW_TAB_HEADER_TITLE = getDataTestSubjectSelector(
FLYOUT_HEADER_TITLE_TEST_ID
);
export const DOCUMENT_DETAILS_OVERVIEW_TAB_HEADER_RISK_SCORE = getDataTestSubjectSelector(
FLYOUT_HEADER_RISK_SCORE_TITLE_TEST_ID
);
export const DOCUMENT_DETAILS_OVERVIEW_TAB_HEADER_RISK_SCORE_VALUE = getDataTestSubjectSelector(
FLYOUT_HEADER_RISK_SCORE_VALUE_TEST_ID
);
export const DOCUMENT_DETAILS_OVERVIEW_TAB_HEADER_SEVERITY = getDataTestSubjectSelector(
FLYOUT_HEADER_SEVERITY_TITLE_TEST_ID
);
export const DOCUMENT_DETAILS_OVERVIEW_TAB_HEADER_SEVERITY_VALUE = getDataTestSubjectSelector(
FLYOUT_HEADER_SEVERITY_VALUE_TEST_ID
);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_HIGHLIGHTED_FIELDS = getDataTestSubjectSelector(
HIGHLIGHTED_FIELDS_TEST_ID
);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_HIGHLIGHTED_FIELDS_HEADER_EXPAND_ICON =
getDataTestSubjectSelector(HIGHLIGHTED_FIELDS_HEADER_EXPAND_ICON_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INVESTIGATION_SECTION_HEADER =
getDataTestSubjectSelector(INVESTIGATION_SECTION_HEADER_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INVESTIGATION_SECTION_CONTENT =
getDataTestSubjectSelector(INVESTIGATION_SECTION_CONTENT_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_HIGHLIGHTED_FIELDS_HEADER_TITLE =
getDataTestSubjectSelector(HIGHLIGHTED_FIELDS_TITLE_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_HIGHLIGHTED_FIELDS_DETAILS =
getDataTestSubjectSelector(HIGHLIGHTED_FIELDS_DETAILS_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_HIGHLIGHTED_FIELDS_GO_TO_TABLE_LINK =
getDataTestSubjectSelector(HIGHLIGHTED_FIELDS_GO_TO_TABLE_LINK);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INVESTIGATION_GUIDE_BUTTON =
getDataTestSubjectSelector(INVESTIGATION_GUIDE_BUTTON_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_SECTION_HEADER =
getDataTestSubjectSelector(INSIGHTS_HEADER_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_ENTITIES_HEADER =
getDataTestSubjectSelector(ENTITIES_HEADER_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_ENTITIES_CONTENT =
getDataTestSubjectSelector(ENTITIES_CONTENT_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_VIEW_ALL_ENTITIES_BUTTON =
getDataTestSubjectSelector(ENTITIES_VIEW_ALL_BUTTON_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_ENTITY_PANEL_HEADER =
getDataTestSubjectSelector(ENTITY_PANEL_HEADER_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_ENTITY_PANEL_CONTENT =
getDataTestSubjectSelector(ENTITY_PANEL_CONTENT_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_THREAT_INTELLIGENCE_HEADER =
getDataTestSubjectSelector(INSIGHTS_THREAT_INTELLIGENCE_TITLE_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_THREAT_INTELLIGENCE_CONTENT =
getDataTestSubjectSelector(INSIGHTS_THREAT_INTELLIGENCE_CONTENT_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_THREAT_INTELLIGENCE_VALUES =
getDataTestSubjectSelector(INSIGHTS_THREAT_INTELLIGENCE_VALUE_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_THREAT_INTELLIGENCE_VIEW_ALL_BUTTON =
getDataTestSubjectSelector(INSIGHTS_THREAT_INTELLIGENCE_VIEW_ALL_BUTTON_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_CORRELATIONS_HEADER =
getDataTestSubjectSelector(INSIGHTS_CORRELATIONS_TITLE_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_CORRELATIONS_CONTENT =
getDataTestSubjectSelector(INSIGHTS_CORRELATIONS_CONTENT_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_CORRELATIONS_VALUES =
getDataTestSubjectSelector(INSIGHTS_CORRELATIONS_VALUE_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_CORRELATIONS_VIEW_ALL_BUTTON =
getDataTestSubjectSelector(INSIGHTS_CORRELATIONS_VIEW_ALL_BUTTON_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_PREVALENCE_HEADER =
getDataTestSubjectSelector(INSIGHTS_PREVALENCE_TITLE_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_PREVALENCE_CONTENT =
getDataTestSubjectSelector(INSIGHTS_PREVALENCE_CONTENT_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_PREVALENCE_VALUES =
getDataTestSubjectSelector(INSIGHTS_PREVALENCE_VALUE_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_PREVALENCE_VIEW_ALL_BUTTON =
getDataTestSubjectSelector(INSIGHTS_PREVALENCE_VIEW_ALL_BUTTON_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_VISUALIZATIONS_SECTION_HEADER =
getDataTestSubjectSelector(VISUALIZATIONS_SECTION_HEADER_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_ANALYZER_TREE =
getDataTestSubjectSelector(ANALYZER_TREE_TEST_ID);
/* Table tab */
export const DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_FILTER = getClassSelector('euiFieldSearch');
export const DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_CLEAR_FILTER =
getDataTestSubjectSelector('clearSearchButton');
export const DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_TIMESTAMP_ROW = getDataTestSubjectSelector(
'event-fields-table-row-@timestamp'
);
export const DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_ID_ROW = getDataTestSubjectSelector(
'event-fields-table-row-_id'
);
export const DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_EVENT_TYPE_ROW = getDataTestSubjectSelector(
'event-fields-table-row-event.type'
);
export const DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_ROW_CELL_FILTER_IN = getDataTestSubjectSelector(
'actionItem-security-detailsFlyout-cellActions-filterIn'
);
export const DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_ROW_CELL_FILTER_OUT = getDataTestSubjectSelector(
'actionItem-security-detailsFlyout-cellActions-filterOut'
);
export const DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_ROW_CELL_MORE_ACTIONS =
getDataTestSubjectSelector('showExtraActionsButton');
export const DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_ROW_CELL_ADD_TO_TIMELINE =
getDataTestSubjectSelector('actionItem-security-detailsFlyout-cellActions-addToTimeline');
export const DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_ROW_CELL_COPY_TO_CLIPBOARD =
getDataTestSubjectSelector('actionItem-security-detailsFlyout-cellActions-copyToClipboard');
export const DOCUMENT_DETAILS_FLYOUT_CLOSE_BUTTON =
getDataTestSubjectSelector('euiFlyoutCloseButton');

24
x-pack/plugins/security_solution/cypress/screens/expandable_flyout/alert_details_left_panel.ts Normal file
View file

@ -0,0 +1,24 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import {
INSIGHTS_TAB_BUTTON_GROUP_TEST_ID,
VISUALIZE_TAB_BUTTON_GROUP_TEST_ID,
} from '../../../public/flyout/left/tabs/test_ids';
import { getDataTestSubjectSelector } from '../../helpers/common';
import { INSIGHTS_TAB_TEST_ID, VISUALIZE_TAB_TEST_ID } from '../../../public/flyout/left/test_ids';
export const DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB =
getDataTestSubjectSelector(INSIGHTS_TAB_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB =
getDataTestSubjectSelector(VISUALIZE_TAB_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_BUTTON_GROUP = getDataTestSubjectSelector(
VISUALIZE_TAB_BUTTON_GROUP_TEST_ID
);
export const DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_BUTTON_GROUP = getDataTestSubjectSelector(
INSIGHTS_TAB_BUTTON_GROUP_TEST_ID
);

15
x-pack/plugins/security_solution/cypress/screens/expandable_flyout/alert_details_left_panel_analyzer_graph_tab.ts Normal file
View file

@ -0,0 +1,15 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import { getDataTestSubjectSelector } from '../../helpers/common';
import { VISUALIZE_TAB_GRAPH_ANALYZER_BUTTON_TEST_ID } from '../../../public/flyout/left/tabs/test_ids';
import { ANALYZER_GRAPH_TEST_ID } from '../../../public/flyout/left/components/test_ids';
export const DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_GRAPH_ANALYZER_BUTTON =
getDataTestSubjectSelector(VISUALIZE_TAB_GRAPH_ANALYZER_BUTTON_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_GRAPH_ANALYZER_CONTENT =
getDataTestSubjectSelector(ANALYZER_GRAPH_TEST_ID);

13
x-pack/plugins/security_solution/cypress/screens/expandable_flyout/alert_details_left_panel_correlations_tab.ts Normal file
View file

@ -0,0 +1,13 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import { getDataTestSubjectSelector } from '../../helpers/common';
import { INSIGHTS_TAB_CORRELATIONS_BUTTON_TEST_ID } from '../../../public/flyout/left/tabs/test_ids';
export const DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_CORRELATIONS_BUTTON = getDataTestSubjectSelector(
INSIGHTS_TAB_CORRELATIONS_BUTTON_TEST_ID
);

25
x-pack/plugins/security_solution/cypress/screens/expandable_flyout/alert_details_left_panel_entities_tab.ts Normal file
View file

@ -0,0 +1,25 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import {
ENTITIES_DETAILS_TEST_ID,
HOST_DETAILS_TEST_ID,
USER_DETAILS_TEST_ID,
} from '../../../public/flyout/left/components/test_ids';
import { getDataTestSubjectSelector } from '../../helpers/common';
import { INSIGHTS_TAB_ENTITIES_BUTTON_TEST_ID } from '../../../public/flyout/left/tabs/test_ids';
export const DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_ENTITIES_BUTTON = getDataTestSubjectSelector(
INSIGHTS_TAB_ENTITIES_BUTTON_TEST_ID
);
export const DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_ENTITIES_CONTENT =
getDataTestSubjectSelector(ENTITIES_DETAILS_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_USER_DETAILS =
getDataTestSubjectSelector(USER_DETAILS_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_HOST_DETAILS =
getDataTestSubjectSelector(HOST_DETAILS_TEST_ID);

16
x-pack/plugins/security_solution/cypress/screens/expandable_flyout/alert_details_left_panel_investigation_tab.ts Normal file
View file

@ -0,0 +1,16 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import { getDataTestSubjectSelector } from '../../helpers/common';
import { INVESTIGATION_TAB_TEST_ID } from '../../../public/flyout/left/test_ids';
import { INVESTIGATION_TAB_CONTENT_TEST_ID } from '../../../public/flyout/left/tabs/test_ids';
export const DOCUMENT_DETAILS_FLYOUT_INVESTIGATION_TAB =
getDataTestSubjectSelector(INVESTIGATION_TAB_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_INVESTIGATION_TAB_CONTENT = getDataTestSubjectSelector(
INVESTIGATION_TAB_CONTENT_TEST_ID
);

13
x-pack/plugins/security_solution/cypress/screens/expandable_flyout/alert_details_left_panel_prevalence_tab.ts Normal file
View file

@ -0,0 +1,13 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import { getDataTestSubjectSelector } from '../../helpers/common';
import { INSIGHTS_TAB_PREVALENCE_BUTTON_TEST_ID } from '../../../public/flyout/left/tabs/test_ids';
export const DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_PREVALENCE_BUTTON = getDataTestSubjectSelector(
INSIGHTS_TAB_PREVALENCE_BUTTON_TEST_ID
);

17
x-pack/plugins/security_solution/cypress/screens/expandable_flyout/alert_details_left_panel_session_view_tab.ts Normal file
View file

@ -0,0 +1,17 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import { getDataTestSubjectSelector } from '../../helpers/common';
import { VISUALIZE_TAB_SESSION_VIEW_BUTTON_TEST_ID } from '../../../public/flyout/left/tabs/test_ids';
import { SESSION_VIEW_ERROR_TEST_ID } from '../../../public/flyout/left/components/test_ids';
export const DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_SESSION_VIEW_BUTTON = getDataTestSubjectSelector(
VISUALIZE_TAB_SESSION_VIEW_BUTTON_TEST_ID
);
export const DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_SESSION_VIEW_ERROR = getDataTestSubjectSelector(
SESSION_VIEW_ERROR_TEST_ID
);

12
x-pack/plugins/security_solution/cypress/screens/expandable_flyout/alert_details_left_panel_threat_intelligence_tab.ts Normal file
View file

@ -0,0 +1,12 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import { getDataTestSubjectSelector } from '../../helpers/common';
import { INSIGHTS_TAB_THREAT_INTELLIGENCE_BUTTON_TEST_ID } from '../../../public/flyout/left/tabs/test_ids';
export const DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_THREAT_INTELLIGENCE_BUTTON =
getDataTestSubjectSelector(INSIGHTS_TAB_THREAT_INTELLIGENCE_BUTTON_TEST_ID);

98
x-pack/plugins/security_solution/cypress/screens/expandable_flyout/alert_details_right_panel.ts Normal file
View file

@ -0,0 +1,98 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import { getDataTestSubjectSelector } from '../../helpers/common';
import {
FLYOUT_BODY_TEST_ID,
JSON_TAB_TEST_ID,
OVERVIEW_TAB_TEST_ID,
TABLE_TAB_TEST_ID,
} from '../../../public/flyout/right/test_ids';
import {
COLLAPSE_DETAILS_BUTTON_TEST_ID,
EXPAND_DETAILS_BUTTON_TEST_ID,
FLYOUT_HEADER_RISK_SCORE_TITLE_TEST_ID,
FLYOUT_HEADER_RISK_SCORE_VALUE_TEST_ID,
FLYOUT_HEADER_SEVERITY_TITLE_TEST_ID,
FLYOUT_HEADER_SEVERITY_VALUE_TEST_ID,
FLYOUT_HEADER_TITLE_TEST_ID,
} from '../../../public/flyout/right/components/test_ids';
export const DOCUMENT_DETAILS_FLYOUT_BODY = getDataTestSubjectSelector(FLYOUT_BODY_TEST_ID);
/* Header */
export const DOCUMENT_DETAILS_FLYOUT_HEADER_TITLE = getDataTestSubjectSelector(
FLYOUT_HEADER_TITLE_TEST_ID
);
export const DOCUMENT_DETAILS_FLYOUT_CLOSE_BUTTON =
getDataTestSubjectSelector('euiFlyoutCloseButton');
export const DOCUMENT_DETAILS_FLYOUT_EXPAND_DETAILS_BUTTON = getDataTestSubjectSelector(
EXPAND_DETAILS_BUTTON_TEST_ID
);
export const DOCUMENT_DETAILS_FLYOUT_COLLAPSE_DETAILS_BUTTON = getDataTestSubjectSelector(
COLLAPSE_DETAILS_BUTTON_TEST_ID
);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB =
getDataTestSubjectSelector(OVERVIEW_TAB_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_TABLE_TAB = getDataTestSubjectSelector(TABLE_TAB_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_JSON_TAB = getDataTestSubjectSelector(JSON_TAB_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_HEADER_RISK_SCORE = getDataTestSubjectSelector(
FLYOUT_HEADER_RISK_SCORE_TITLE_TEST_ID
);
export const DOCUMENT_DETAILS_FLYOUT_HEADER_RISK_SCORE_VALUE = getDataTestSubjectSelector(
FLYOUT_HEADER_RISK_SCORE_VALUE_TEST_ID
);
export const DOCUMENT_DETAILS_FLYOUT_HEADER_SEVERITY = getDataTestSubjectSelector(
FLYOUT_HEADER_SEVERITY_TITLE_TEST_ID
);
export const DOCUMENT_DETAILS_FLYOUT_HEADER_SEVERITY_VALUE = getDataTestSubjectSelector(
FLYOUT_HEADER_SEVERITY_VALUE_TEST_ID
);
/* Footer */
export const DOCUMENT_DETAILS_FLYOUT_FOOTER = getDataTestSubjectSelector(
'side-panel-flyout-footer'
);
export const DOCUMENT_DETAILS_FLYOUT_FOOTER_TAKE_ACTION_BUTTON = getDataTestSubjectSelector(
'take-action-dropdown-btn'
);
export const DOCUMENT_DETAILS_FLYOUT_FOOTER_TAKE_ACTION_BUTTON_DROPDOWN =
getDataTestSubjectSelector('takeActionPanelMenu');
export const DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_TO_NEW_CASE =
getDataTestSubjectSelector('add-to-new-case-action');
export const DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_TO_EXISTING_CASE = getDataTestSubjectSelector(
'add-to-existing-case-action'
);
export const DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_MARK_AS_ACKNOWLEDGED = getDataTestSubjectSelector(
'acknowledged-alert-status'
);
export const DOCUMENT_DETAILS_FLYOUT_FOOTER_MARK_AS_CLOSED =
getDataTestSubjectSelector('close-alert-status');
export const DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_ENDPOINT_EXCEPTION = getDataTestSubjectSelector(
'add-endpoint-exception-menu-item'
);
export const DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_RULE_EXCEPTION =
getDataTestSubjectSelector('add-exception-menu-item');
export const DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_RULE_EXCEPTION_FLYOUT_HEADER =
getDataTestSubjectSelector('exceptionFlyoutTitle');
export const DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_RULE_EXCEPTION_FLYOUT_CANCEL_BUTTON =
getDataTestSubjectSelector('cancelExceptionAddButton');
export const DOCUMENT_DETAILS_FLYOUT_FOOTER_ISOLATE_HOST = getDataTestSubjectSelector(
'isolate-host-action-item'
);
export const DOCUMENT_DETAILS_FLYOUT_FOOTER_RESPOND = getDataTestSubjectSelector(
'endpointResponseActions-action-item'
);
export const DOCUMENT_DETAILS_FLYOUT_FOOTER_INVESTIGATE_IN_TIMELINE = getDataTestSubjectSelector(
'investigate-in-timeline-action-item'
);
export const DOCUMENT_DETAILS_FLYOUT_FOOTER_INVESTIGATE_IN_TIMELINE_SECTION =
getDataTestSubjectSelector('timelineHeader');
export const DOCUMENT_DETAILS_FLYOUT_FOOTER_INVESTIGATE_IN_TIMELINE_ENTRY =
getDataTestSubjectSelector('providerContainer');

12
x-pack/plugins/security_solution/cypress/screens/expandable_flyout/alert_details_right_panel_json_tab.ts Normal file
View file

@ -0,0 +1,12 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import { getDataTestSubjectSelector } from '../../helpers/common';
import { JSON_TAB_CONTENT_TEST_ID } from '../../../public/flyout/right/tabs/test_ids';
export const DOCUMENT_DETAILS_FLYOUT_JSON_TAB_CONTENT =
getDataTestSubjectSelector(JSON_TAB_CONTENT_TEST_ID);

131
x-pack/plugins/security_solution/cypress/screens/expandable_flyout/alert_details_right_panel_overview_tab.ts Normal file
View file

@ -0,0 +1,131 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import { getDataTestSubjectSelector } from '../../helpers/common';
import {
ANALYZER_TREE_TEST_ID,
DESCRIPTION_DETAILS_TEST_ID,
DESCRIPTION_EXPAND_BUTTON_TEST_ID,
DESCRIPTION_SECTION_CONTENT_TEST_ID,
DESCRIPTION_SECTION_HEADER_TEST_ID,
DESCRIPTION_TITLE_TEST_ID,
ENTITIES_CONTENT_TEST_ID,
ENTITIES_HEADER_TEST_ID,
ENTITIES_VIEW_ALL_BUTTON_TEST_ID,
ENTITY_PANEL_CONTENT_TEST_ID,
ENTITY_PANEL_HEADER_TEST_ID,
HIGHLIGHTED_FIELDS_DETAILS_TEST_ID,
HIGHLIGHTED_FIELDS_GO_TO_TABLE_LINK,
HIGHLIGHTED_FIELDS_TITLE_TEST_ID,
INSIGHTS_CORRELATIONS_CONTENT_TEST_ID,
INSIGHTS_CORRELATIONS_TITLE_TEST_ID,
INSIGHTS_CORRELATIONS_VALUE_TEST_ID,
INSIGHTS_CORRELATIONS_VIEW_ALL_BUTTON_TEST_ID,
INSIGHTS_HEADER_TEST_ID,
INSIGHTS_PREVALENCE_CONTENT_TEST_ID,
INSIGHTS_PREVALENCE_TITLE_TEST_ID,
INSIGHTS_PREVALENCE_VALUE_TEST_ID,
INSIGHTS_PREVALENCE_VIEW_ALL_BUTTON_TEST_ID,
INSIGHTS_THREAT_INTELLIGENCE_CONTENT_TEST_ID,
INSIGHTS_THREAT_INTELLIGENCE_TITLE_TEST_ID,
INSIGHTS_THREAT_INTELLIGENCE_VALUE_TEST_ID,
INSIGHTS_THREAT_INTELLIGENCE_VIEW_ALL_BUTTON_TEST_ID,
INVESTIGATION_GUIDE_BUTTON_TEST_ID,
INVESTIGATION_SECTION_CONTENT_TEST_ID,
INVESTIGATION_SECTION_HEADER_TEST_ID,
MITRE_ATTACK_DETAILS_TEST_ID,
MITRE_ATTACK_TITLE_TEST_ID,
REASON_DETAILS_TEST_ID,
REASON_TITLE_TEST_ID,
VISUALIZATIONS_SECTION_HEADER_TEST_ID,
} from '../../../public/flyout/right/components/test_ids';
/* Description section */
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_DESCRIPTION_SECTION_HEADER =
getDataTestSubjectSelector(DESCRIPTION_SECTION_HEADER_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_DESCRIPTION_SECTION_CONTENT =
getDataTestSubjectSelector(DESCRIPTION_SECTION_CONTENT_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_DESCRIPTION_TITLE =
getDataTestSubjectSelector(DESCRIPTION_TITLE_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_DESCRIPTION_DETAILS = getDataTestSubjectSelector(
DESCRIPTION_DETAILS_TEST_ID
);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_DESCRIPTION_EXPAND_BUTTON =
getDataTestSubjectSelector(DESCRIPTION_EXPAND_BUTTON_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_REASON_TITLE =
getDataTestSubjectSelector(REASON_TITLE_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_REASON_DETAILS =
getDataTestSubjectSelector(REASON_DETAILS_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_MITRE_ATTACK_TITLE = getDataTestSubjectSelector(
MITRE_ATTACK_TITLE_TEST_ID
);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_MITRE_ATTACK_DETAILS = getDataTestSubjectSelector(
MITRE_ATTACK_DETAILS_TEST_ID
);
/* Investigation section */
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INVESTIGATION_SECTION_HEADER =
getDataTestSubjectSelector(INVESTIGATION_SECTION_HEADER_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INVESTIGATION_SECTION_CONTENT =
getDataTestSubjectSelector(INVESTIGATION_SECTION_CONTENT_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_HIGHLIGHTED_FIELDS_HEADER_TITLE =
getDataTestSubjectSelector(HIGHLIGHTED_FIELDS_TITLE_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_HIGHLIGHTED_FIELDS_DETAILS =
getDataTestSubjectSelector(HIGHLIGHTED_FIELDS_DETAILS_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_HIGHLIGHTED_FIELDS_GO_TO_TABLE_LINK =
getDataTestSubjectSelector(HIGHLIGHTED_FIELDS_GO_TO_TABLE_LINK);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INVESTIGATION_GUIDE_BUTTON =
getDataTestSubjectSelector(INVESTIGATION_GUIDE_BUTTON_TEST_ID);
/* Insights section */
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_SECTION_HEADER =
getDataTestSubjectSelector(INSIGHTS_HEADER_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_ENTITIES_HEADER =
getDataTestSubjectSelector(ENTITIES_HEADER_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_ENTITIES_CONTENT =
getDataTestSubjectSelector(ENTITIES_CONTENT_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_VIEW_ALL_ENTITIES_BUTTON =
getDataTestSubjectSelector(ENTITIES_VIEW_ALL_BUTTON_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_ENTITY_PANEL_HEADER =
getDataTestSubjectSelector(ENTITY_PANEL_HEADER_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_ENTITY_PANEL_CONTENT =
getDataTestSubjectSelector(ENTITY_PANEL_CONTENT_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_THREAT_INTELLIGENCE_HEADER =
getDataTestSubjectSelector(INSIGHTS_THREAT_INTELLIGENCE_TITLE_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_THREAT_INTELLIGENCE_CONTENT =
getDataTestSubjectSelector(INSIGHTS_THREAT_INTELLIGENCE_CONTENT_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_THREAT_INTELLIGENCE_VALUES =
getDataTestSubjectSelector(INSIGHTS_THREAT_INTELLIGENCE_VALUE_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_THREAT_INTELLIGENCE_VIEW_ALL_BUTTON =
getDataTestSubjectSelector(INSIGHTS_THREAT_INTELLIGENCE_VIEW_ALL_BUTTON_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_CORRELATIONS_HEADER =
getDataTestSubjectSelector(INSIGHTS_CORRELATIONS_TITLE_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_CORRELATIONS_CONTENT =
getDataTestSubjectSelector(INSIGHTS_CORRELATIONS_CONTENT_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_CORRELATIONS_VALUES =
getDataTestSubjectSelector(INSIGHTS_CORRELATIONS_VALUE_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_CORRELATIONS_VIEW_ALL_BUTTON =
getDataTestSubjectSelector(INSIGHTS_CORRELATIONS_VIEW_ALL_BUTTON_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_PREVALENCE_HEADER =
getDataTestSubjectSelector(INSIGHTS_PREVALENCE_TITLE_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_PREVALENCE_CONTENT =
getDataTestSubjectSelector(INSIGHTS_PREVALENCE_CONTENT_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_PREVALENCE_VALUES =
getDataTestSubjectSelector(INSIGHTS_PREVALENCE_VALUE_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_PREVALENCE_VIEW_ALL_BUTTON =
getDataTestSubjectSelector(INSIGHTS_PREVALENCE_VIEW_ALL_BUTTON_TEST_ID);
/* Visualization section */
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_VISUALIZATIONS_SECTION_HEADER =
getDataTestSubjectSelector(VISUALIZATIONS_SECTION_HEADER_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_ANALYZER_TREE =
getDataTestSubjectSelector(ANALYZER_TREE_TEST_ID);

37
x-pack/plugins/security_solution/cypress/screens/expandable_flyout/alert_details_right_panel_table_tab.ts Normal file
View file

@ -0,0 +1,37 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import { getClassSelector, getDataTestSubjectSelector } from '../../helpers/common';
import { TABLE_TAB_CONTENT_TEST_ID } from '../../../public/flyout/right/tabs/test_ids';
export const DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_CONTENT =
getDataTestSubjectSelector(TABLE_TAB_CONTENT_TEST_ID);
export const DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_FILTER = getClassSelector('euiFieldSearch');
export const DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_CLEAR_FILTER =
getDataTestSubjectSelector('clearSearchButton');
export const DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_TIMESTAMP_ROW = getDataTestSubjectSelector(
'event-fields-table-row-@timestamp'
);
export const DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_ID_ROW = getDataTestSubjectSelector(
'event-fields-table-row-_id'
);
export const DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_EVENT_TYPE_ROW = getDataTestSubjectSelector(
'event-fields-table-row-event.type'
);
export const DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_ROW_CELL_FILTER_IN = getDataTestSubjectSelector(
'actionItem-security-detailsFlyout-cellActions-filterIn'
);
export const DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_ROW_CELL_FILTER_OUT = getDataTestSubjectSelector(
'actionItem-security-detailsFlyout-cellActions-filterOut'
);
export const DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_ROW_CELL_MORE_ACTIONS =
getDataTestSubjectSelector('showExtraActionsButton');
export const DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_ROW_CELL_ADD_TO_TIMELINE =
getDataTestSubjectSelector('actionItem-security-detailsFlyout-cellActions-addToTimeline');
export const DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_ROW_CELL_COPY_TO_CLIPBOARD =
getDataTestSubjectSelector('actionItem-security-detailsFlyout-cellActions-copyToClipboard');

27
x-pack/plugins/security_solution/cypress/screens/expandable_flyout/common.ts Normal file
View file

@ -0,0 +1,27 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import {
getDataTestSubjectSelector,
getDataTestSubjectSelectorStartWith,
} from '../../helpers/common';
export const KIBANA_NAVBAR_ALERTS_PAGE = getDataTestSubjectSelector(
'solutionSideNavItemLink-alerts'
);
export const KIBANA_NAVBAR_CASES_PAGE = getDataTestSubjectSelector('solutionSideNavItemLink-cases');
export const VIEW_CASE_TOASTER_LINK = getDataTestSubjectSelector('toaster-content-case-view-link');
export const CREATE_CASE_BUTTON = `[data-test-subj="createNewCaseBtn"]`;
export const NEW_CASE_NAME_INPUT = `[data-test-subj="input"][aria-describedby="caseTitle"]`;
export const NEW_CASE_DESCRIPTION_INPUT = getDataTestSubjectSelector('euiMarkdownEditorTextArea');
export const NEW_CASE_CREATE_BUTTON = getDataTestSubjectSelector('create-case-submit');
export const EXISTING_CASE_SELECT_BUTTON =
getDataTestSubjectSelectorStartWith('cases-table-row-select-');
export const DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_TO_NEW_CASE_NAME_INPUT = NEW_CASE_NAME_INPUT;
export const DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_TO_NEW_CASE_DESCRIPTION_INPUT =
NEW_CASE_DESCRIPTION_INPUT;
export const DOCUMENT_DETAILS_FLYOUT_FOOTER_ADD_TO_NEW_CASE_CREATE_BUTTON = NEW_CASE_CREATE_BUTTON;

330
x-pack/plugins/security_solution/cypress/tasks/document_expandable_flyout.ts
View file

@ -1,330 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
/* eslint-disable cypress/unsafe-to-chain-command */
import {
DOCUMENT_DETAILS_FLYOUT_BODY,
DOCUMENT_DETAILS_FLYOUT_COLLAPSE_DETAILS_BUTTON,
DOCUMENT_DETAILS_FLYOUT_EXPAND_DETAILS_BUTTON,
DOCUMENT_DETAILS_FLYOUT_FOOTER,
DOCUMENT_DETAILS_FLYOUT_FOOTER_TAKE_ACTION_BUTTON,
DOCUMENT_DETAILS_FLYOUT_HISTORY_TAB,
DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB,
DOCUMENT_DETAILS_FLYOUT_INVESTIGATION_TAB,
DOCUMENT_DETAILS_FLYOUT_JSON_TAB,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INVESTIGATION_SECTION_HEADER,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_DESCRIPTION_SECTION_HEADER,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_SECTION_HEADER,
DOCUMENT_DETAILS_FLYOUT_TABLE_TAB,
DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_CLEAR_FILTER,
DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_FILTER,
DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_ROW_CELL_ADD_TO_TIMELINE,
DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_ROW_CELL_FILTER_IN,
DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_ROW_CELL_FILTER_OUT,
DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_ROW_CELL_MORE_ACTIONS,
DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB,
DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_GRAPH_ANALYZER_BUTTON,
DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_SESSION_VIEW_BUTTON,
DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_ENTITIES_BUTTON,
DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_PREVALENCE_BUTTON,
DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_CORRELATIONS_BUTTON,
DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_THREAT_INTELLIGENCE_BUTTON,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_VISUALIZATIONS_SECTION_HEADER,
DOCUMENT_DETAILS_FLYOUT_FOOTER_TAKE_ACTION_BUTTON_DROPDOWN,
KIBANA_NAVBAR_ALERTS_PAGE,
KIBANA_NAVBAR_CASES_PAGE,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_THREAT_INTELLIGENCE_VIEW_ALL_BUTTON,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_PREVALENCE_VIEW_ALL_BUTTON,
} from '../screens/document_expandable_flyout';
import { EXPAND_ALERT_BTN } from '../screens/alerts';
import { getClassSelector } from '../helpers/common';
/**
* Navigates to the alerts page by clicking on the Kibana sidenav entry
*/
export const navigateToAlertsPage = () => {
cy.get(KIBANA_NAVBAR_ALERTS_PAGE).click();
};
/**
* Navigates to the cases page by clicking on the Kibana sidenav entry
*/
export const navigateToCasesPage = () => {
cy.get(KIBANA_NAVBAR_CASES_PAGE).click();
};
/**
* Find the first alert row in the alerts table then click on the expand icon button to open the flyout
*/
export const expandFirstAlertExpandableFlyout = () => {
cy.get(EXPAND_ALERT_BTN).first().click();
};
/**
* Expand the left section of the document details expandable flyout by clicking on the Find the first alert row in the alerts table then click on the expand icon button to open the flyout
*/
export const expandDocumentDetailsExpandableFlyoutLeftSection = () =>
cy.get(DOCUMENT_DETAILS_FLYOUT_EXPAND_DETAILS_BUTTON).click();
/**
* Expand the left section of the document details expandable flyout by clicking on the Find the first alert row in the alerts table then click on the expand icon button to open the flyout
*/
export const collapseDocumentDetailsExpandableFlyoutLeftSection = () =>
cy.get(DOCUMENT_DETAILS_FLYOUT_COLLAPSE_DETAILS_BUTTON).click();
/**
* Scroll to x-y positions within the right section of the document details expandable flyout
* // TODO revisit this as it seems very fragile: the first element found is the timeline flyout, which isn't visible but still exist in the DOM
*/
export const scrollWithinDocumentDetailsExpandableFlyoutRightSection = (x: number, y: number) =>
cy.get(getClassSelector('euiFlyout')).last().scrollTo(x, y);
/**
* Scroll down to the flyout footer's take action button, open its dropdown and click on the desired option
*/
export const openTakeActionButtonAndSelectItem = (option: string) => {
openTakeActionButton();
selectTakeActionItem(option);
};
/**
* Scroll down to the flyout footer's take action button and open its dropdown
*/
export const openTakeActionButton = () => {
cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER)
.scrollIntoView()
.within(() => {
cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_TAKE_ACTION_BUTTON).click();
});
};
/**
* Click on the item within the flyout's footer take action button dropdown
*/
export const selectTakeActionItem = (option: string) => {
cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_TAKE_ACTION_BUTTON_DROPDOWN)
.should('be.visible')
.within(() => cy.get(option).should('be.visible').click());
};
/**
* Open the Overview tab in the document details expandable flyout right section
*/
export const openOverviewTab = () =>
cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB).scrollIntoView().click();
/**
* Toggle the Overview tab investigation section in the document details expandable flyout right section
*/
export const toggleOverviewTabInvestigationSection = () =>
cy
.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INVESTIGATION_SECTION_HEADER)
.scrollIntoView()
.should('be.visible')
.click();
/**
* Toggle the Overview tab description section in the document details expandable flyout right section
*/
export const toggleOverviewTabDescriptionSection = () =>
cy
.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_DESCRIPTION_SECTION_HEADER)
.scrollIntoView()
.should('be.visible')
.click();
/**
* Toggle the Overview tab insights section in the document details expandable flyout right section
*/
export const toggleOverviewTabInsightsSection = () =>
cy
.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_SECTION_HEADER)
.scrollIntoView()
.should('be.visible')
.click();
/**
* Toggle the Overview tab visualizations section in the document details expandable flyout right section
*/
export const toggleOverviewTabVisualizationsSection = () =>
cy
.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_VISUALIZATIONS_SECTION_HEADER)
.scrollIntoView()
.should('be.visible')
.click();
/**
* Open the Table tab in the document details expandable flyout right section
*/
export const openTableTab = () =>
cy.get(DOCUMENT_DETAILS_FLYOUT_TABLE_TAB).scrollIntoView().click();
/**
* Open the Json tab in the document details expandable flyout right section
*/
export const openJsonTab = () => cy.get(DOCUMENT_DETAILS_FLYOUT_JSON_TAB).scrollIntoView().click();
/**
* Open the Visualize tab in the document details expandable flyout left section
*/
export const openVisualizeTab = () =>
cy.get(DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB).scrollIntoView().click();
/**
* Open the Session View under the Visualize tab in the document details expandable flyout left section
*/
export const openSessionView = () =>
cy
.get(DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_SESSION_VIEW_BUTTON)
.scrollIntoView()
.should('be.visible')
.click();
/**
* Open the Graph Analyzer under the Visuablize tab in the document details expandable flyout left section
*/
export const openGraphAnalyzer = () =>
cy
.get(DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_GRAPH_ANALYZER_BUTTON)
.scrollIntoView()
.should('be.visible')
.click();
/**
* Open the Insights tab in the document details expandable flyout left section
*/
export const openInsightsTab = () =>
cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB).scrollIntoView().click();
/**
* Open the Entities tab under the Insights tab in the document details expandable flyout left section
*/
export const openEntities = () =>
cy
.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_ENTITIES_BUTTON)
.scrollIntoView()
.should('be.visible')
.click();
/**
* Open the Threat intelligence tab under the Insights tab in the document details expandable flyout left section
*/
export const openThreatIntelligence = () =>
cy
.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_THREAT_INTELLIGENCE_BUTTON)
.scrollIntoView()
.should('be.visible')
.click();
/**
* Open the Prevalence tab under the Visuablize tab in the document details expandable flyout left section
*/
export const openPrevalence = () =>
cy
.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_PREVALENCE_BUTTON)
.scrollIntoView()
.should('be.visible')
.click();
/**
* Open the Correlations tab under the Visuablize tab in the document details expandable flyout left section
*/
export const openCorrelations = () =>
cy
.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_CORRELATIONS_BUTTON)
.scrollIntoView()
.should('be.visible')
.click();
/**
* Open the Investigations tab in the document details expandable flyout left section
*/
export const openInvestigationTab = () =>
cy.get(DOCUMENT_DETAILS_FLYOUT_INVESTIGATION_TAB).scrollIntoView().should('be.visible').click();
/**
* Open the History tab in the document details expandable flyout left section
*/
export const openHistoryTab = () =>
cy.get(DOCUMENT_DETAILS_FLYOUT_HISTORY_TAB).scrollIntoView().click();
/**
* Filter table under the Table tab in the alert details expandable flyout right section
*/
export const filterTableTabTable = (filterValue: string) =>
cy.get(DOCUMENT_DETAILS_FLYOUT_BODY).within(() => {
cy.get(DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_FILTER).type(filterValue);
});
/**
* Clear table filter under the Table tab in the alert details expandable flyout right section
*/
export const clearFilterTableTabTable = () =>
cy.get(DOCUMENT_DETAILS_FLYOUT_BODY).within(() => {
cy.get(DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_CLEAR_FILTER).click();
});
/**
* Filter In action in the first table row under the Table tab in the alert details expandable flyout right section
*/
export const filterInTableTabTable = () =>
cy.get(DOCUMENT_DETAILS_FLYOUT_BODY).within(() => {
cy.get(DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_ROW_CELL_FILTER_IN).first().click();
});
/**
* Filter Out action in the first table row under the Table tab in the alert details expandable flyout right section
*/
export const filterOutTableTabTable = () =>
cy.get(DOCUMENT_DETAILS_FLYOUT_BODY).within(() => {
cy.get(DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_ROW_CELL_FILTER_OUT).first().click();
});
/**
* Add to timeline action in the first table row under the Table tab in the alert details expandable flyout right section
*/
export const addToTimelineTableTabTable = () => {
cy.get(DOCUMENT_DETAILS_FLYOUT_BODY).within(() => {
cy.get(DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_ROW_CELL_MORE_ACTIONS).first().click();
});
cy.get(DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_ROW_CELL_ADD_TO_TIMELINE).click();
};
/**
* Show Copy to clipboard button in the first table row under the Table tab in the alert details expandable flyout right section
*/
export const copyToClipboardTableTabTable = () => {
cy.get(DOCUMENT_DETAILS_FLYOUT_BODY).within(() => {
cy.get(DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_ROW_CELL_MORE_ACTIONS).first().click();
});
};
/**
* Clear filters in the alert page KQL bar
*/
export const clearFilters = () =>
cy.get(DOCUMENT_DETAILS_FLYOUT_BODY).within(() => {
cy.get(DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_ROW_CELL_FILTER_OUT).first().click();
});
/**
* Click on the view all button under the right section, Insights, Threat Intelligence
*/
export const clickThreatIntelligenceViewAllButton = () => {
cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_THREAT_INTELLIGENCE_VIEW_ALL_BUTTON)
.should('be.visible')
.click();
};
/**
* Click on the view all button under the right section, Insights, Prevalence
*/
export const clickPrevalenceViewAllButton = () => {
cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_PREVALENCE_VIEW_ALL_BUTTON)
.should('be.visible')
.click();
};

16
x-pack/plugins/security_solution/cypress/tasks/expandable_flyout/alert_details_left_panel.ts Normal file
View file

@ -0,0 +1,16 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import { DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB } from '../../screens/expandable_flyout/alert_details_left_panel';
/**
* Open the Insights tab in the document details expandable flyout left section
*/
export const openInsightsTab = () => {
cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB).scrollIntoView();
cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB).click();
};

16
x-pack/plugins/security_solution/cypress/tasks/expandable_flyout/alert_details_left_panel_analyzer_graph_tab.ts Normal file
View file

@ -0,0 +1,16 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import { DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_GRAPH_ANALYZER_BUTTON } from '../../screens/expandable_flyout/alert_details_left_panel_analyzer_graph_tab';
/**
* Open the Graph Analyzer under the Visuablize tab in the document details expandable flyout left section
*/
export const openGraphAnalyzerTab = () => {
cy.get(DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_GRAPH_ANALYZER_BUTTON).scrollIntoView();
cy.get(DOCUMENT_DETAILS_FLYOUT_VISUALIZE_TAB_GRAPH_ANALYZER_BUTTON).should('be.visible').click();
};

16
x-pack/plugins/security_solution/cypress/tasks/expandable_flyout/alert_details_left_panel_correlations_tab.ts Normal file
View file

@ -0,0 +1,16 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import { DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_CORRELATIONS_BUTTON } from '../../screens/expandable_flyout/alert_details_left_panel_correlations_tab';
/**
* Open the Correlations tab under the Visuablize tab in the document details expandable flyout left section
*/
export const openCorrelationsTab = () => {
cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_CORRELATIONS_BUTTON).scrollIntoView();
cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_CORRELATIONS_BUTTON).should('be.visible').click();
};

16
x-pack/plugins/security_solution/cypress/tasks/expandable_flyout/alert_details_left_panel_entities_tab.ts Normal file
View file

@ -0,0 +1,16 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import { DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_ENTITIES_BUTTON } from '../../screens/expandable_flyout/alert_details_left_panel_entities_tab';
/**
* Open the Entities tab under the Insights tab in the document details expandable flyout left section
*/
export const openEntitiesTab = () => {
cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_ENTITIES_BUTTON).scrollIntoView();
cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_ENTITIES_BUTTON).should('be.visible').click();
};

16
x-pack/plugins/security_solution/cypress/tasks/expandable_flyout/alert_details_left_panel_investigation_tab.ts Normal file
View file

@ -0,0 +1,16 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import { DOCUMENT_DETAILS_FLYOUT_INVESTIGATION_TAB } from '../../screens/expandable_flyout/alert_details_left_panel_investigation_tab';
/**
* Open the Investigations tab in the document details expandable flyout left section
*/
export const openInvestigationTab = () => {
cy.get(DOCUMENT_DETAILS_FLYOUT_INVESTIGATION_TAB).scrollIntoView();
cy.get(DOCUMENT_DETAILS_FLYOUT_INVESTIGATION_TAB).should('be.visible').click();
};

16
x-pack/plugins/security_solution/cypress/tasks/expandable_flyout/alert_details_left_panel_prevalence_tab.ts Normal file
View file

@ -0,0 +1,16 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import { DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_PREVALENCE_BUTTON } from '../../screens/expandable_flyout/alert_details_left_panel_prevalence_tab';
/**
* Open the Prevalence tab under the Visualize tab in the document details expandable flyout left section
*/
export const openPrevalenceTab = () => {
cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_PREVALENCE_BUTTON).scrollIntoView();
cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_PREVALENCE_BUTTON).should('be.visible').click();
};

18
x-pack/plugins/security_solution/cypress/tasks/expandable_flyout/alert_details_left_panel_threat_intelligence_tab.ts Normal file
View file

@ -0,0 +1,18 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import { DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_THREAT_INTELLIGENCE_BUTTON } from '../../screens/expandable_flyout/alert_details_left_panel_threat_intelligence_tab';
/**
* Open the Threat intelligence tab under the Insights tab in the document details expandable flyout left section
*/
export const openThreatIntelligenceTab = () => {
cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_THREAT_INTELLIGENCE_BUTTON).scrollIntoView();
cy.get(DOCUMENT_DETAILS_FLYOUT_INSIGHTS_TAB_THREAT_INTELLIGENCE_BUTTON)
.should('be.visible')
.click();
};

93
x-pack/plugins/security_solution/cypress/tasks/expandable_flyout/alert_details_right_panel.ts Normal file
View file

@ -0,0 +1,93 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import {
DOCUMENT_DETAILS_FLYOUT_CLOSE_BUTTON,
DOCUMENT_DETAILS_FLYOUT_COLLAPSE_DETAILS_BUTTON,
DOCUMENT_DETAILS_FLYOUT_EXPAND_DETAILS_BUTTON,
DOCUMENT_DETAILS_FLYOUT_FOOTER,
DOCUMENT_DETAILS_FLYOUT_FOOTER_TAKE_ACTION_BUTTON,
DOCUMENT_DETAILS_FLYOUT_FOOTER_TAKE_ACTION_BUTTON_DROPDOWN,
DOCUMENT_DETAILS_FLYOUT_JSON_TAB,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB,
DOCUMENT_DETAILS_FLYOUT_TABLE_TAB,
} from '../../screens/expandable_flyout/alert_details_right_panel';
/* Header */
/**
* Expand the left section of the document details expandable flyout by clicking on the expand icon button
*/
export const expandDocumentDetailsExpandableFlyoutLeftSection = () =>
cy.get(DOCUMENT_DETAILS_FLYOUT_EXPAND_DETAILS_BUTTON).click();
/**
* Expand the left section of the document details expandable flyout by clicking on the collapse icon button
*/
export const collapseDocumentDetailsExpandableFlyoutLeftSection = () =>
cy.get(DOCUMENT_DETAILS_FLYOUT_COLLAPSE_DETAILS_BUTTON).click();
/**
* Open the Overview tab in the document details expandable flyout right section
*/
export const openOverviewTab = () => {
cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB).scrollIntoView();
cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB).click();
};
/**
* Open the Table tab in the document details expandable flyout right section
*/
export const openTableTab = () => {
cy.get(DOCUMENT_DETAILS_FLYOUT_TABLE_TAB).scrollIntoView();
cy.get(DOCUMENT_DETAILS_FLYOUT_TABLE_TAB).click();
};
/**
* Open the Json tab in the document details expandable flyout right section
*/
export const openJsonTab = () => {
cy.get(DOCUMENT_DETAILS_FLYOUT_JSON_TAB).scrollIntoView();
cy.get(DOCUMENT_DETAILS_FLYOUT_JSON_TAB).click();
};
/**
* Close document details flyout
*/
export const closeFlyout = () => {
cy.get(DOCUMENT_DETAILS_FLYOUT_CLOSE_BUTTON).scrollIntoView();
cy.get(DOCUMENT_DETAILS_FLYOUT_CLOSE_BUTTON).click();
};
/* Footer */
/**
* Scroll down to the flyout footer's take action button, open its dropdown and click on the desired option
*/
export const openTakeActionButtonAndSelectItem = (option: string) => {
openTakeActionButton();
selectTakeActionItem(option);
};
/**
* Scroll down to the flyout footer's take action button and open its dropdown
*/
export const openTakeActionButton = () => {
cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER).scrollIntoView();
cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER).within(() =>
cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_TAKE_ACTION_BUTTON).click()
);
};
/**
* Click on the item within the flyout's footer take action button dropdown
*/
export const selectTakeActionItem = (option: string) => {
cy.get(DOCUMENT_DETAILS_FLYOUT_FOOTER_TAKE_ACTION_BUTTON_DROPDOWN)
.should('be.visible')
.within(() => cy.get(option).should('be.visible').click());
};

15
x-pack/plugins/security_solution/cypress/tasks/expandable_flyout/alert_details_right_panel_json_tab.ts Normal file
View file

@ -0,0 +1,15 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import { getClassSelector } from '../../helpers/common';
/**
* Scroll to x-y positions within the right section of the document details expandable flyout
* // TODO revisit this as it seems very fragile: the first element found is the timeline flyout, which isn't visible but still exist in the DOM
*/
export const scrollWithinDocumentDetailsExpandableFlyoutRightSection = (x: number, y: number) =>
cy.get(getClassSelector('euiFlyout')).last().scrollTo(x, y);

118
x-pack/plugins/security_solution/cypress/tasks/expandable_flyout/alert_details_right_panel_overview_tab.ts Normal file
View file

@ -0,0 +1,118 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import {
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_DESCRIPTION_SECTION_HEADER,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_VISUALIZATIONS_SECTION_HEADER,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_SECTION_HEADER,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INVESTIGATION_SECTION_HEADER,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_VIEW_ALL_ENTITIES_BUTTON,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_CORRELATIONS_VIEW_ALL_BUTTON,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_THREAT_INTELLIGENCE_VIEW_ALL_BUTTON,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_PREVALENCE_VIEW_ALL_BUTTON,
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INVESTIGATION_GUIDE_BUTTON,
} from '../../screens/expandable_flyout/alert_details_right_panel_overview_tab';
/* Description section */
/**
* Toggle the Overview tab description section in the document details expandable flyout right section
*/
export const toggleOverviewTabDescriptionSection = () => {
cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_DESCRIPTION_SECTION_HEADER).scrollIntoView();
cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_DESCRIPTION_SECTION_HEADER)
.should('be.visible')
.click();
};
/* Investigation section */
/**
* Toggle the Overview tab investigation section in the document details expandable flyout right section
*/
export const toggleOverviewTabInvestigationSection = () => {
cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INVESTIGATION_SECTION_HEADER).scrollIntoView();
cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INVESTIGATION_SECTION_HEADER)
.should('be.visible')
.click();
};
/* Insights section */
/**
* Toggle the Overview tab insights section in the document details expandable flyout right section
*/
export const toggleOverviewTabInsightsSection = () => {
cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_SECTION_HEADER).scrollIntoView();
cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_SECTION_HEADER).should('be.visible').click();
};
/**
* Click on the view all button under the right section, Insights, Entities
*/
export const clickEntitiesViewAllButton = () => {
cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_VIEW_ALL_ENTITIES_BUTTON).scrollIntoView();
cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_VIEW_ALL_ENTITIES_BUTTON)
.should('be.visible')
.click();
};
/**
* Click on the view all button under the right section, Insights, Threat Intelligence
*/
export const clickThreatIntelligenceViewAllButton = () => {
cy.get(
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_THREAT_INTELLIGENCE_VIEW_ALL_BUTTON
).scrollIntoView();
cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_THREAT_INTELLIGENCE_VIEW_ALL_BUTTON)
.should('be.visible')
.click();
};
/**
* Click on the view all button under the right section, Insights, Correlations
*/
export const clickCorrelationsViewAllButton = () => {
cy.get(
DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_CORRELATIONS_VIEW_ALL_BUTTON
).scrollIntoView();
cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_CORRELATIONS_VIEW_ALL_BUTTON)
.should('be.visible')
.click();
};
/**
* Click on the view all button under the right section, Insights, Prevalence
*/
export const clickPrevalenceViewAllButton = () => {
cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_PREVALENCE_VIEW_ALL_BUTTON).scrollIntoView();
cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INSIGHTS_PREVALENCE_VIEW_ALL_BUTTON)
.should('be.visible')
.click();
};
/* Visualizations section */
/**
* Toggle the Overview tab visualizations section in the document details expandable flyout right section
*/
export const toggleOverviewTabVisualizationsSection = () => {
cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_VISUALIZATIONS_SECTION_HEADER).scrollIntoView();
cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_VISUALIZATIONS_SECTION_HEADER)
.should('be.visible')
.click();
};
/**
* Click on the investigation guide button under the right section, Visualization
*/
export const clickInvestigationGuideButton = () => {
cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INVESTIGATION_GUIDE_BUTTON).scrollIntoView();
cy.get(DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB_INVESTIGATION_GUIDE_BUTTON)
.should('be.visible')
.click();
};

75
x-pack/plugins/security_solution/cypress/tasks/expandable_flyout/alert_details_right_panel_table_tab.ts Normal file
View file

@ -0,0 +1,75 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import { DOCUMENT_DETAILS_FLYOUT_BODY } from '../../screens/expandable_flyout/alert_details_right_panel';
import {
DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_CLEAR_FILTER,
DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_FILTER,
DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_ROW_CELL_ADD_TO_TIMELINE,
DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_ROW_CELL_FILTER_IN,
DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_ROW_CELL_FILTER_OUT,
DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_ROW_CELL_MORE_ACTIONS,
} from '../../screens/expandable_flyout/alert_details_right_panel_table_tab';
/**
* Filter table under the Table tab in the alert details expandable flyout right section
*/
export const filterTableTabTable = (filterValue: string) =>
cy.get(DOCUMENT_DETAILS_FLYOUT_BODY).within(() => {
cy.get(DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_FILTER).type(filterValue);
});
/**
* Clear table filter under the Table tab in the alert details expandable flyout right section
*/
export const clearFilterTableTabTable = () =>
cy.get(DOCUMENT_DETAILS_FLYOUT_BODY).within(() => {
cy.get(DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_CLEAR_FILTER).click();
});
/**
* Filter In action in the first table row under the Table tab in the alert details expandable flyout right section
*/
export const filterInTableTabTable = () =>
cy.get(DOCUMENT_DETAILS_FLYOUT_BODY).within(() => {
cy.get(DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_ROW_CELL_FILTER_IN).first().click();
});
/**
* Filter Out action in the first table row under the Table tab in the alert details expandable flyout right section
*/
export const filterOutTableTabTable = () =>
cy.get(DOCUMENT_DETAILS_FLYOUT_BODY).within(() => {
cy.get(DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_ROW_CELL_FILTER_OUT).first().click();
});
/**
* Add to timeline action in the first table row under the Table tab in the alert details expandable flyout right section
*/
export const addToTimelineTableTabTable = () => {
cy.get(DOCUMENT_DETAILS_FLYOUT_BODY).within(() => {
cy.get(DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_ROW_CELL_MORE_ACTIONS).first().click();
});
cy.get(DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_ROW_CELL_ADD_TO_TIMELINE).click();
};
/**
* Show Copy to clipboard button in the first table row under the Table tab in the alert details expandable flyout right section
*/
export const copyToClipboardTableTabTable = () => {
cy.get(DOCUMENT_DETAILS_FLYOUT_BODY).within(() => {
cy.get(DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_ROW_CELL_MORE_ACTIONS).first().click();
});
};
/**
* Clear filters in the alert page KQL bar
*/
export const clearFilters = () =>
cy.get(DOCUMENT_DETAILS_FLYOUT_BODY).within(() => {
cy.get(DOCUMENT_DETAILS_FLYOUT_TABLE_TAB_ROW_CELL_FILTER_OUT).first().click();
});

49
x-pack/plugins/security_solution/cypress/tasks/expandable_flyout/common.ts Normal file
View file

@ -0,0 +1,49 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import { EXPAND_ALERT_BTN } from '../../screens/alerts';
import {
CREATE_CASE_BUTTON,
KIBANA_NAVBAR_ALERTS_PAGE,
KIBANA_NAVBAR_CASES_PAGE,
NEW_CASE_CREATE_BUTTON,
NEW_CASE_DESCRIPTION_INPUT,
NEW_CASE_NAME_INPUT,
} from '../../screens/expandable_flyout/common';
/**
* Navigates to the alerts page by clicking on the Kibana sidenav entry
*/
export const navigateToAlertsPage = () => {
cy.get(KIBANA_NAVBAR_ALERTS_PAGE).should('be.visible').click();
};
/**
* Navigates to the cases page by clicking on the Kibana sidenav entry
*/
export const navigateToCasesPage = () => {
cy.get(KIBANA_NAVBAR_CASES_PAGE).click();
};
/**
* Find the first alert row in the alerts table then click on the expand icon button to open the flyout
*/
export const expandFirstAlertExpandableFlyout = () => {
cy.get(EXPAND_ALERT_BTN).first().click();
};
/**
* Create a new case from the cases page
*/
export const createNewCaseFromCases = () => {
cy.get(CREATE_CASE_BUTTON).should('be.visible').click();
cy.get(NEW_CASE_NAME_INPUT).should('be.visible').click();
cy.get(NEW_CASE_NAME_INPUT).type('case');
cy.get(NEW_CASE_DESCRIPTION_INPUT).should('be.visible').click();
cy.get(NEW_CASE_DESCRIPTION_INPUT).type('case description');
cy.get(NEW_CASE_CREATE_BUTTON).should('be.visible').click();
};

3
x-pack/plugins/security_solution/public/flyout/left/components/test_ids.ts
View file

@ -26,7 +26,6 @@ export const HOST_DETAILS_INFO_TEST_ID = 'host-overview';
export const HOST_DETAILS_RELATED_USERS_TABLE_TEST_ID =
`${PREFIX}HostsDetailsRelatedUsersTable` as const;
export const THREAT_INTELLIGENCE_DETAILS_TEST_ID = `${PREFIX}ThreatIntelligenceDetails` as const;
export const PREVALENCE_DETAILS_TEST_ID = `${PREFIX}PrevalenceDetails` as const;
export const CORRELATIONS_DETAILS_TEST_ID = `${PREFIX}CorrelationsDetails` as const;
@ -34,8 +33,6 @@ export const THREAT_INTELLIGENCE_DETAILS_ENRICHMENTS_TEST_ID = `threat-match-det
export const THREAT_INTELLIGENCE_DETAILS_SPINNER_TEST_ID =
`${PREFIX}ThreatIntelligenceDetailsLoadingSpinner` as const;
export const INVESTIGATION_TEST_ID = `${PREFIX}Investigation` as const;
export const RESPONSE_BASE_TEST_ID = `${PREFIX}Responses` as const;
export const RESPONSE_DETAILS_TEST_ID = `${RESPONSE_BASE_TEST_ID}Details` as const;
export const RESPONSE_EMPTY_TEST_ID = `${RESPONSE_BASE_TEST_ID}Empty` as const;

25
x-pack/plugins/security_solution/public/flyout/right/components/correlations_overview.tsx
View file

@ -5,7 +5,7 @@
* 2.0.
*/
import React, { useCallback } from 'react';
import React, { useCallback, useMemo } from 'react';
import { EuiButtonEmpty, EuiFlexGroup, EuiPanel } from '@elastic/eui';
import { useExpandableFlyoutContext } from '@kbn/expandable-flyout';
import { InsightsSummaryRow } from './insights_summary_row';
@ -44,6 +44,20 @@ export const CorrelationsOverview: React.FC = () => {
scopeId,
});
const correlationRows = useMemo(
() =>
data.map((d) => (
<InsightsSummaryRow
icon={d.icon}
value={d.value}
text={d.text}
data-test-subj={INSIGHTS_CORRELATIONS_TEST_ID}
key={`correlation-row-${d.text}`}
/>
)),
[data]
);
return (
<InsightsSubSection
loading={loading}
@ -53,14 +67,7 @@ export const CorrelationsOverview: React.FC = () => {
>
<EuiPanel hasShadow={false} hasBorder={true} paddingSize="s">
<EuiFlexGroup direction="column" gutterSize="none">
{data.map((d) => (
<InsightsSummaryRow
icon={d.icon}
value={d.value}
text={d.text}
data-test-subj={INSIGHTS_CORRELATIONS_TEST_ID}
/>
))}
{correlationRows}
</EuiFlexGroup>
</EuiPanel>
<EuiButtonEmpty

3
x-pack/plugins/security_solution/public/flyout/right/components/test_ids.ts
View file

@ -51,8 +51,6 @@ export const HIGHLIGHTED_FIELDS_TITLE_TEST_ID =
'securitySolutionDocumentDetailsFlyoutHighlightedFieldsTitle';
export const HIGHLIGHTED_FIELDS_DETAILS_TEST_ID =
'securitySolutionDocumentDetailsFlyoutHighlightedFieldsDetails';
export const HIGHLIGHTED_FIELDS_TEST_ID = 'securitySolutionDocumentDetailsFlyoutHighlightedFields';
export const HIGHLIGHTED_FIELDS_HEADER_EXPAND_ICON_TEST_ID = 'query-toggle-header';
export const HIGHLIGHTED_FIELDS_GO_TO_TABLE_LINK = 'summary-view-go-to-table-link';
export const INVESTIGATION_GUIDE_BUTTON_TEST_ID =
'securitySolutionDocumentDetailsFlyoutInvestigationGuideButton';
@ -69,7 +67,6 @@ export const ENTITIES_HOST_CONTENT_TEST_ID =
'securitySolutionDocumentDetailsFlyoutEntitiesHostContent';
export const ENTITIES_VIEW_ALL_BUTTON_TEST_ID =
'securitySolutionDocumentDetailsFlyoutEntitiesViewAllButton';
export const ENTITY_PANEL_ICON_TEST_ID = 'securitySolutionDocumentDetailsFlyoutEntityPanelTypeIcon';
export const ENTITY_PANEL_TOGGLE_BUTTON_TEST_ID =
'securitySolutionDocumentDetailsFlyoutEntityPanelToggleButton';
export const ENTITY_PANEL_HEADER_TEST_ID = 'securitySolutionDocumentDetailsFlyoutEntityPanelHeader';

5
x-pack/plugins/security_solution/public/flyout/right/hooks/use_correlations.ts
View file

@ -72,7 +72,6 @@ export interface UseCorrelationsResult {
/**
* Retrieves all correlations data from custom hooks
*/
// eslint-disable-next-line complexity
export const useCorrelations = ({
eventId,
dataAsNestedObject,
@ -165,7 +164,7 @@ export const useCorrelations = ({
loading:
casesLoading || ancestryAlertsLoading || alertsBySessionLoading || sameSourceAlertsLoading,
error: data.length === 0,
data: data || [],
dataCount: data.length || 0,
data,
dataCount: data.length,
};
};

30
x-pack/plugins/security_solution/public/flyout/right/hooks/use_fetch_related_alerts_by_ancestry.ts
View file

@ -7,6 +7,7 @@
import type { TimelineEventsDetailsItem } from '@kbn/timelines-plugin/common';
import { find } from 'lodash/fp';
import { useMemo } from 'react';
import { useAlertPrevalenceFromProcessTree } from '../../../common/containers/alerts/use_alert_prevalence_from_process_tree';
import { isActiveTimeline } from '../../../helpers';
@ -47,23 +48,30 @@ export const useFetchRelatedAlertsByAncestry = ({
dataFormattedForFieldBrowser,
scopeId,
}: UseFetchRelatedAlertsByAncestryParams): UseFetchRelatedAlertsByAncestryResult => {
const originalDocumentId = find(
{ category: 'kibana', field: 'kibana.alert.ancestors.id' },
dataFormattedForFieldBrowser
);
const originalDocumentIndex = find(
{ category: 'kibana', field: 'kibana.alert.rule.parameters.index' },
dataFormattedForFieldBrowser
const documentId = useMemo(() => {
const originalDocumentId = find(
{ category: 'kibana', field: 'kibana.alert.ancestors.id' },
dataFormattedForFieldBrowser
);
const { values } = originalDocumentId ?? { values: [] };
return Array.isArray(values) ? values[0] : '';
}, [dataFormattedForFieldBrowser]);
const { values: indices } = useMemo(
() =>
find(
{ category: 'kibana', field: 'kibana.alert.rule.parameters.index' },
dataFormattedForFieldBrowser
) || { values: [] },
[dataFormattedForFieldBrowser]
);
const isActiveTimelines = isActiveTimeline(scopeId ?? '');
const { values: indices } = originalDocumentIndex || { values: [] };
const { values: wrappedDocumentId } = originalDocumentId || { values: [] };
const documentId = Array.isArray(wrappedDocumentId) ? wrappedDocumentId[0] : '';
const { loading, error, alertIds } = useAlertPrevalenceFromProcessTree({
isActiveTimeline: isActiveTimelines,
documentId,
indices: indices ?? [],
indices: indices || [],
});
return {

13
x-pack/plugins/security_solution/public/flyout/right/hooks/use_fetch_related_alerts_by_same_source_event.ts
View file

@ -7,6 +7,7 @@
import type { TimelineEventsDetailsItem } from '@kbn/timelines-plugin/common';
import { find } from 'lodash/fp';
import { useMemo } from 'react';
import { useAlertPrevalence } from '../../../common/containers/alerts/use_alert_prevalence';
import { isActiveTimeline } from '../../../helpers';
@ -46,11 +47,15 @@ export const useFetchRelatedAlertsBySameSourceEvent = ({
dataFormattedForFieldBrowser,
scopeId,
}: UseFetchRelatedAlertsBySameSourceEventParams): UseFetchRelatedAlertsBySameSourceEventResult => {
const sourceEventField = find(
{ category: 'kibana', field: 'kibana.alert.original_event.id' },
dataFormattedForFieldBrowser
const { field, values } = useMemo(
() =>
find(
{ category: 'kibana', field: 'kibana.alert.original_event.id' },
dataFormattedForFieldBrowser
) || { field: '', values: [] },
[dataFormattedForFieldBrowser]
);
const { field, values } = sourceEventField || { field: '', values: [] };
const { loading, error, count, alertIds } = useAlertPrevalence({
field,
value: values,

3
x-pack/plugins/security_solution/public/flyout/right/hooks/use_prevalence.tsx
View file

@ -53,7 +53,7 @@ export const usePrevalence = ({
dataFormattedForFieldBrowser,
scopeId,
}: UsePrevalenceParams): UsePrevalenceResult => {
const [count, setCount] = useState(0);
const [count, setCount] = useState(0); // TODO this needs to be changed at it causes a re-render when the count is updated
// retrieves the highlighted fields
const summaryRows = useMemo(
@ -77,6 +77,7 @@ export const usePrevalence = ({
scopeId={scopeId}
callbackIfNull={() => setCount((prevCount) => prevCount + 1)}
data-test-subj={INSIGHTS_PREVALENCE_TEST_ID}
key={row.description.data.field}
/>
)),
[summaryRows, scopeId]