github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-23 17:28:26 -04:00
Code Issues Projects Releases Packages Wiki Activity

[Security Solution][Endpoint] Remove responder FTR test (#175454)

Browse source 
## Summary

Delete responder test skipped in elastic/kibana/pull/170489.
We've cypress tests that cover the test cases here.

### Flaky runner
-
https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/4937
x 50 (...)

### Checklist

- [x] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
This commit is contained in:
Ash 2024-02-23 18:02:47 +01:00 committed by GitHub
parent 171b758bb0
commit db8440dc5b
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 3 additions and 248 deletions
Download patch file Download diff file Expand all files Collapse all files

1
x-pack/test/security_solution_endpoint/apps/endpoint/index.ts
View file

@ -45,7 +45,6 @@ export default function (providerContext: FtrProviderContext) {
loadTestFile(require.resolve('./endpoint_list'));
loadTestFile(require.resolve('./endpoint_telemetry'));
loadTestFile(require.resolve('./endpoint_permissions'));
loadTestFile(require.resolve('./responder'));
loadTestFile(require.resolve('./endpoint_solution_integrations'));
});
}

247
x-pack/test/security_solution_endpoint/apps/endpoint/responder.ts
View file

@ -1,247 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import { IndexedHostsAndAlertsResponse } from '@kbn/security-solution-plugin/common/endpoint/index_data';
import { TimelineResponse } from '@kbn/security-solution-plugin/common/api/timeline';
import { type IndexedEndpointRuleAlerts } from '@kbn/security-solution-plugin/common/endpoint/data_loaders/index_endpoint_rule_alerts';
import { DATE_RANGE_OPTION_TO_TEST_SUBJ_MAP } from '@kbn/security-solution-plugin/common/test';
import { FtrProviderContext } from '../../ftr_provider_context';
import { targetTags } from '../../target_tags';
export default ({ getPageObjects, getService }: FtrProviderContext) => {
const pageObjects = getPageObjects([
'common',
'endpoint',
'header',
'endpointPageUtils',
'responder',
'timeline',
'detections',
]);
const testSubjects = getService('testSubjects');
const endpointTestResources = getService('endpointTestResources');
const timelineTestService = getService('timeline');
const detectionsTestService = getService('detections');
const log = getService('log');
// The Alerts Rule seems to run every 5 minutes when there are no failures. This timeout ensures
// that we wait long enough for them to show up.
const MAX_WAIT_FOR_ALERTS_TIMEOUT = 60_000 * 6;
const performResponderSanityChecks = async () => {
// Show the Action log
await pageObjects.responder.openActionLogFlyout();
// Ensure the popover in the action log date quick select picker is accessible
// (this is especially important for when Responder is displayed from a Timeline)
await pageObjects.responder.clickActionLogSuperDatePickerQuickMenuButton();
await testSubjects.click(DATE_RANGE_OPTION_TO_TEST_SUBJ_MAP['Last 1 year']);
await pageObjects.responder.closeActionLogFlyout();
// Close responder
await pageObjects.responder.closeResponder();
};
const getEndpointAlertsQueryForAgentId = (
agentId: string
): object & { $stringify: () => string } => {
return Object.assign(
Object.create({
$stringify() {
return JSON.stringify(this);
},
}),
{
bool: {
filter: [
{
bool: {
should: [{ match_phrase: { 'agent.type': 'endpoint' } }],
minimum_should_match: 1,
},
},
{
bool: {
should: [{ match_phrase: { 'agent.id': agentId } }],
minimum_should_match: 1,
},
},
{
bool: {
should: [{ exists: { field: 'kibana.alert.rule.uuid' } }],
minimum_should_match: 1,
},
},
],
},
}
);
};
// FLAKY: https://github.com/elastic/kibana/issues/153071
describe.skip('Response Actions Responder', function () {
targetTags(this, ['@ess', '@serverless']);
let indexedData: IndexedHostsAndAlertsResponse;
let endpointAgentId: string;
before(async () => {
indexedData = await endpointTestResources.loadEndpointData({
numHosts: 2,
generatorSeed: `responder ${Math.random()}`,
});
endpointAgentId = indexedData.hosts[0].agent.id;
// start/stop the endpoint rule. This should cause the rule to run immediately
// and create the Alerts and avoid us having to wait for the interval (of 5 minutes)
await detectionsTestService.stopStartEndpointRule();
});
after(async () => {
if (indexedData) {
log.info('Cleaning up loaded endpoint data');
await endpointTestResources.unloadEndpointData(indexedData);
}
});
describe('from the Endpoint list and details', () => {
before(async () => {
await pageObjects.endpoint.navigateToEndpointList();
});
it('should show Responder from the endpoint list', async () => {
await pageObjects.endpoint.showResponderFromEndpointList(endpointAgentId);
await performResponderSanityChecks();
});
it('should show Responder from the endpoint details', async () => {
await pageObjects.endpoint.showResponderFromEndpointDetails(endpointAgentId);
await performResponderSanityChecks();
});
});
describe('from timeline', () => {
let timeline: TimelineResponse;
let indexedAlerts: IndexedEndpointRuleAlerts;
before(async () => {
timeline = await timelineTestService.createTimeline('endpoint responder test');
// Add all alerts for the Endpoint to the timeline created
timeline = await timelineTestService.updateTimeline(
timeline.data.persistTimeline.timeline.savedObjectId,
{
title: timeline.data.persistTimeline.timeline.title,
kqlQuery: {
filterQuery: {
kuery: {
kind: 'kuery',
expression: `agent.type: "endpoint" AND agent.id : "${endpointAgentId}" AND kibana.alert.rule.uuid : *`,
},
serializedQuery: getEndpointAlertsQueryForAgentId(endpointAgentId).$stringify(),
},
},
savedSearchId: null,
},
timeline.data.persistTimeline.timeline.version
);
indexedAlerts = await detectionsTestService.loadEndpointRuleAlerts(endpointAgentId);
await detectionsTestService.waitForAlerts(
getEndpointAlertsQueryForAgentId(endpointAgentId),
MAX_WAIT_FOR_ALERTS_TIMEOUT
);
await pageObjects.timeline.navigateToTimelineList();
});
after(async () => {
if (timeline) {
log.info(
`Cleaning up created timeline [${timeline.data.persistTimeline.timeline.title} - ${timeline.data.persistTimeline.timeline.savedObjectId}]`
);
await timelineTestService.deleteTimeline(
timeline.data.persistTimeline.timeline.savedObjectId
);
}
if (indexedAlerts) {
log.info(`Cleaning up loaded alerts for Timeline`);
await indexedAlerts.cleanup();
}
});
it('should show Responder from alert in a timeline', async () => {
await pageObjects.timeline.openTimelineById(
timeline.data.persistTimeline.timeline.savedObjectId
);
await pageObjects.timeline.setDateRange('Last 1 year');
await pageObjects.timeline.waitForEvents(MAX_WAIT_FOR_ALERTS_TIMEOUT);
// Show event/alert details for the first one in the list
await pageObjects.timeline.showEventDetails();
// TODO: The index already exists error toast should not show up
// close and dismiss it if it does
if (await testSubjects.exists('globalToastList')) {
await testSubjects.click('toastCloseButton');
}
// Click responder from the take action button
await testSubjects.click('take-action-dropdown-btn');
await testSubjects.clickWhenNotDisabled('endpointResponseActions-action-item');
await testSubjects.existOrFail('consolePageOverlay');
// close tour popup
if (await testSubjects.exists('timeline-save-tour-close-button')) {
await testSubjects.click('timeline-save-tour-close-button');
}
await performResponderSanityChecks();
await pageObjects.timeline.closeTimeline();
});
});
describe('from alerts', () => {
let indexedAlerts: IndexedEndpointRuleAlerts;
before(async () => {
await getService('kibanaServer').request({
path: `internal/kibana/settings`,
method: 'POST',
body: { changes: { 'securitySolution:enableExpandableFlyout': false } },
});
indexedAlerts = await detectionsTestService.loadEndpointRuleAlerts(endpointAgentId);
await detectionsTestService.waitForAlerts(
getEndpointAlertsQueryForAgentId(endpointAgentId),
MAX_WAIT_FOR_ALERTS_TIMEOUT
);
});
after(async () => {
if (indexedAlerts) {
log.info(`Cleaning up alerts loaded for Alerts page`);
await indexedAlerts.cleanup();
}
});
it('should show Responder from alert details under alerts list page', async () => {
const hostname = indexedData.hosts[0].host.name;
await pageObjects.detections.navigateToAlerts(
`query=(language:kuery,query:'host.hostname: "${hostname}" ')`
);
await pageObjects.detections.waitForListToHaveAlerts(MAX_WAIT_FOR_ALERTS_TIMEOUT);
await pageObjects.detections.openFirstAlertDetailsForHostName(hostname);
await pageObjects.detections.openResponseConsoleFromAlertDetails();
await performResponderSanityChecks();
});
});
});
};

3
x-pack/test/security_solution_ftr/services/timeline/index.ts
View file

@ -58,6 +58,7 @@ export class TimelineTestService extends FtrService {
await this.supertest
.post(TIMELINE_DRAFT_URL)
.set('kbn-xsrf', 'true')
.set('elastic-api-version', '2023-10-31')
.send({ timelineType: 'default' })
.then(this.getHttpResponseFailureHandler())
.then((response) => response.body as TimelineResponse)
@ -112,6 +113,7 @@ export class TimelineTestService extends FtrService {
return await this.supertest
.patch(TIMELINE_URL)
.set('kbn-xsrf', 'true')
.set('elastic-api-version', '2023-10-31')
.send({
timelineId,
version,
@ -126,6 +128,7 @@ export class TimelineTestService extends FtrService {
await this.supertest
.delete(TIMELINE_URL)
.set('kbn-xsrf', 'true')
.set('elastic-api-version', '2023-10-31')
.send({
savedObjectIds: Array.isArray(id) ? id : [id],
})