[Detections Response] Finish moving remaining legacy FTRs (#175837)

**Resolves: https://github.com/elastic/kibana/issues/151902**

## Summary

After this PR, all D&R FTRs are moved to a new folder where they can be
run in ESS and serverless. Please see below table for a summary of what
tests need revisiting by the teams. During the test migration there may
have been some tests that failed on serverless, but not ESS. Some we
were able to fix and get running on both, others are still marked as
`brokenInServerless` and need triage.
This commit is contained in:
Yara Tercero 2024-02-12 23:42:08 -08:00 committed by GitHub
parent 79f63c2a3d
commit f4f71d1130
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
226 changed files with 1406 additions and 2339 deletions


@ -6,7 +6,6 @@ disabled:
- test/functional/config.base.js
- test/functional/firefox/config.base.ts
- x-pack/test/functional/config.base.js
- x-pack/test/detection_engine_api_integration/security_and_spaces/config.base.ts
- x-pack/test/functional_enterprise_search/base_config.ts
- x-pack/test/localization/config.base.ts
- test/server_integration/config.base.js
@ -232,7 +231,6 @@ enabled:
- x-pack/test/cloud_security_posture_functional/config.ts
- x-pack/test/cloud_security_posture_api/config.ts
- x-pack/test/dataset_quality_api_integration/basic/config.ts
- x-pack/test/detection_engine_api_integration/basic/config.ts
- x-pack/test/disable_ems/config.ts
- x-pack/test/encrypted_saved_objects_api_integration/config.ts
- x-pack/test/examples/config.ts
@ -493,8 +491,12 @@ enabled:
- x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/trial_license_complete_tier/configs/serverless.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/trial_license_complete_tier/configs/ess.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/trial_license_complete_tier/configs/serverless.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/basic_license_essentials_tier/configs/ess.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/basic_license_essentials_tier/configs/serverless.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/trial_license_complete_tier/configs/ess.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/trial_license_complete_tier/configs/serverless.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/basic_license_essentials_tier/configs/ess.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/basic_license_essentials_tier/configs/serverless.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/bundled_prebuilt_rules_package/trial_license_complete_tier/configs/ess.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/bundled_prebuilt_rules_package/trial_license_complete_tier/configs/serverless.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/large_prebuilt_rules_package/trial_license_complete_tier/configs/ess.config.ts
@ -507,14 +509,20 @@ enabled:
- x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/configs/serverless.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/configs/ess.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/configs/serverless.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/basic_license_essentials_tier/configs/ess.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/basic_license_essentials_tier/configs/serverless.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/trial_license_complete_tier/configs/ess.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/trial_license_complete_tier/configs/serverless.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/basic_license_essentials_tier/configs/ess.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/basic_license_essentials_tier/configs/serverless.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_management/basic_license_essentials_tier/configs/ess.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_management/basic_license_essentials_tier/configs/serverless.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_management/trial_license_complete_tier/configs/ess.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_management/trial_license_complete_tier/configs/serverless.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/configs/ess.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/configs/serverless.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/basic_license_essentials_tier/configs/ess.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/basic_license_essentials_tier/configs/serverless.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/telemetry/trial_license_complete_tier/configs/ess.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/telemetry/trial_license_complete_tier/configs/serverless.config.ts
- x-pack/test/security_solution_api_integration/test_suites/detections_response/user_roles/trial_license_complete_tier/configs/ess.config.ts
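Review bot: The last line of the hunk registers only `user_roles/trial_license_complete_tier/configs/ess.config.ts`, while every other suite in this hunk is registered as an ess/serverless pair and the quality-gate pipeline changed in this same commit runs a `user_roles:qa:serverless` step. If a `serverless.config.ts` exists for user_roles it should be listed here too, e.g. `- x-pack/test/security_solution_api_integration/test_suites/detections_response/user_roles/trial_license_complete_tier/configs/serverless.config.ts`; it may already be listed outside this hunk, in which case ignore this. Since the user_roles suite is the one exercising role-based authorization, silently losing its serverless run would be an easy coverage gap to miss.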


@ -7,11 +7,11 @@ steps:
timeout_in_minutes: 60
retry:
automatic:
- exit_status: "-1"
- exit_status: '-1'
limit: 3
- command: .buildkite/scripts/pipelines/security_solution_quality_gate/upload_image_metadata.sh
label: "Upload runtime info"
label: 'Upload runtime info'
key: upload_runtime_info
depends_on: build_image
agents:
@ -19,10 +19,10 @@ steps:
timeout_in_minutes: 300
retry:
automatic:
- exit_status: "-1"
- exit_status: '-1'
limit: 2
- group: "Execute Tests"
- group: 'Execute Tests'
depends_on: build_image
steps:
- label: Running exception_workflows:qa:serverless
@ -33,7 +33,7 @@ steps:
timeout_in_minutes: 120
retry:
automatic:
- exit_status: "*"
- exit_status: '*'
limit: 2
- label: Running exception_operators_date_numeric_types:qa:serverless
@ -44,7 +44,7 @@ steps:
timeout_in_minutes: 120
retry:
automatic:
- exit_status: "*"
- exit_status: '*'
limit: 2
- label: Running exception_operators_keyword:qa:serverless
@ -55,7 +55,7 @@ steps:
timeout_in_minutes: 120
retry:
automatic:
- exit_status: "*"
- exit_status: '*'
limit: 2
- label: Running exception_operators_ips:qa:serverless
@ -66,7 +66,7 @@ steps:
timeout_in_minutes: 120
retry:
automatic:
- exit_status: "*"
- exit_status: '*'
limit: 2
- label: Running exception_operators_long:qa:serverless
@ -77,7 +77,7 @@ steps:
timeout_in_minutes: 120
retry:
automatic:
- exit_status: "1"
- exit_status: '1'
limit: 2
- label: Running exception_operators_text:qa:serverless
@ -86,17 +86,6 @@ steps:
agents:
queue: n2-4-spot
timeout_in_minutes: 120
retry:
automatic:
- exit_status: "1"
limit: 2
- label: Running rule_creation:essentials:qa:serverless
command: .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh rule_creation:essentials:qa:serverless
key: rule_creation:essentials:qa:serverless
agents:
queue: n2-4-spot
timeout_in_minutes: 120
retry:
automatic:
- exit_status: '1'
@ -135,17 +124,6 @@ steps:
- exit_status: '1'
limit: 2
- label: Running entity_analytics:qa:serverless
command: .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh entity_analytics:qa:serverless
key: entity_analytics:qa:serverless
agents:
queue: n2-4-spot
timeout_in_minutes: 120
retry:
automatic:
- exit_status: "1"
limit: 2
- label: Running genai:qa:serverless
command: .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh genai:qa:serverless
key: genai:qa:serverless
@ -157,50 +135,6 @@ steps:
- exit_status: "1"
limit: 2
- label: Running prebuilt_rules_management:qa:serverless
command: .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh prebuilt_rules_management:qa:serverless
key: prebuilt_rules_management:qa:serverless
agents:
queue: n2-4-spot
timeout_in_minutes: 120
retry:
automatic:
- exit_status: "1"
limit: 2
- label: Running prebuilt_rules_bundled_prebuilt_rules_package:qa:serverless
command: .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh prebuilt_rules_bundled_prebuilt_rules_package:qa:serverless
key: prebuilt_rules_bundled_prebuilt_rules_package:qa:serverless
agents:
queue: n2-4-spot
timeout_in_minutes: 120
retry:
automatic:
- exit_status: "1"
limit: 2
- label: Running prebuilt_rules_large_prebuilt_rules_package:qa:serverless
command: .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh prebuilt_rules_large_prebuilt_rules_package:qa:serverless
key: prebuilt_rules_large_prebuilt_rules_package:qa:serverless
agents:
queue: n2-4-spot
timeout_in_minutes: 120
retry:
automatic:
- exit_status: "1"
limit: 2
- label: Running prebuilt_rules_update_prebuilt_rules_package:qa:serverless
command: .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh prebuilt_rules_update_prebuilt_rules_package:qa:serverless
key: prebuilt_rules_update_prebuilt_rules_package:qa:serverless
agents:
queue: n2-4-spot
timeout_in_minutes: 120
retry:
automatic:
- exit_status: "1"
limit: 2
- label: Running rule_execution_logic:qa:serverless
command: .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh rule_execution_logic:qa:serverless
key: rule_execution_logic:qa:serverless
@ -209,51 +143,7 @@ steps:
timeout_in_minutes: 120
retry:
automatic:
- exit_status: "1"
limit: 2
- label: Running user_roles:qa:serverless
command: .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh user_roles:qa:serverless
key: user_roles:qa:serverless
agents:
queue: n2-4-spot
timeout_in_minutes: 120
retry:
automatic:
- exit_status: "1"
limit: 2
- label: Running telemetry:qa:serverless
command: .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh telemetry:qa:serverless
key: telemetry:qa:serverless
agents:
queue: n2-4-spot
timeout_in_minutes: 120
retry:
automatic:
- exit_status: "1"
limit: 2
- label: Running rule_delete:qa:serverless
command: .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh rule_delete:qa:serverless
key: rule_delete:qa:serverless
agents:
queue: n2-4-spot
timeout_in_minutes: 120
retry:
automatic:
- exit_status: "1"
limit: 2
- label: Running rule_update:qa:serverless
command: .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh rule_update:qa:serverless
key: rule_update:qa:serverless
agents:
queue: n2-4-spot
timeout_in_minutes: 120
retry:
automatic:
- exit_status: "1"
- exit_status: '1'
limit: 2
- label: Running rule_patch:qa:serverless
@ -264,18 +154,51 @@ steps:
timeout_in_minutes: 120
retry:
automatic:
- exit_status: "1"
- exit_status: '1'
limit: 2
- label: Running rule_import_export:qa:serverless
command: .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh rule_import_export:qa:serverless
key: rule_import_export:qa:serverless
- label: Running rule_patch:essentials:qa:serverless
command: .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh rule_patch:essentials:qa:serverless
key: rule_patch:essentials:qa:serverless
agents:
queue: n2-4-spot
timeout_in_minutes: 120
retry:
automatic:
- exit_status: "1"
- exit_status: '1'
limit: 2
- label: Running rule_update:qa:serverless
command: .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh rule_update:qa:serverless
key: rule_update:qa:serverless
agents:
queue: n2-4-spot
timeout_in_minutes: 120
retry:
automatic:
- exit_status: '1'
limit: 2
- label: Running rule_update:essentials:qa:serverless
command: .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh rule_update:essentials:qa:serverless
key: rule_update:essentials:qa:serverless
agents:
queue: n2-4-spot
timeout_in_minutes: 120
retry:
automatic:
- exit_status: '1'
limit: 2
- label: Running rules_management:essentials:qa:serverless
command: .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh rules_management:essentials:qa:serverless
key: rules_management:essentials:qa:serverless
agents:
queue: n2-4-spot
timeout_in_minutes: 120
retry:
automatic:
- exit_status: '1'
limit: 2
- label: Running rule_management:qa:serverless
@ -286,7 +209,118 @@ steps:
timeout_in_minutes: 120
retry:
automatic:
- exit_status: "1"
- exit_status: '1'
limit: 2
- label: Running prebuilt_rules_management:qa:serverless
command: .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh prebuilt_rules_management:qa:serverless
key: prebuilt_rules_management:qa:serverless
agents:
queue: n2-4-spot
timeout_in_minutes: 120
retry:
automatic:
- exit_status: '1'
limit: 2
- label: Running prebuilt_rules_bundled_prebuilt_rules_package:qa:serverless
command: .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh prebuilt_rules_bundled_prebuilt_rules_package:qa:serverless
key: prebuilt_rules_bundled_prebuilt_rules_package:qa:serverless
agents:
queue: n2-4-spot
timeout_in_minutes: 120
retry:
automatic:
- exit_status: '1'
limit: 2
- label: Running prebuilt_rules_large_prebuilt_rules_package:qa:serverless
command: .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh prebuilt_rules_large_prebuilt_rules_package:qa:serverless
key: prebuilt_rules_large_prebuilt_rules_package:qa:serverless
agents:
queue: n2-4-spot
timeout_in_minutes: 120
retry:
automatic:
- exit_status: '1'
limit: 2
- label: Running prebuilt_rules_update_prebuilt_rules_package:qa:serverless
command: .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh prebuilt_rules_update_prebuilt_rules_package:qa:serverless
key: prebuilt_rules_update_prebuilt_rules_package:qa:serverless
agents:
queue: n2-4-spot
timeout_in_minutes: 120
retry:
automatic:
- exit_status: '1'
limit: 2
- label: Running rule_bulk_actions:qa:serverless
command: .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh rule_bulk_actions:qa:serverless
key: rule_bulk_actions:qa:serverless
agents:
queue: n2-4-spot
timeout_in_minutes: 120
retry:
automatic:
- exit_status: '1'
limit: 2
- label: Running rule_read:qa:serverless
command: .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh rule_read:qa:serverless
key: rule_read:qa:serverless
agents:
queue: n2-4-spot
timeout_in_minutes: 120
retry:
automatic:
- exit_status: '1'
limit: 2
- label: Running rule_read:essentials:qa:serverless
command: .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh rule_read:essentials:qa:serverless
key: rule_read:essentials:qa:serverless
agents:
queue: n2-4-spot
timeout_in_minutes: 120
retry:
automatic:
- exit_status: '1'
limit: 2
- label: Running rule_import_export:essentials:qa:serverless
command: .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh rule_import_export:essentials:qa:serverless
key: rule_import_export:essentials:qa:serverless
agents:
queue: n2-4-spot
timeout_in_minutes: 120
retry:
automatic:
- exit_status: '1'
limit: 2
- label: Running rule_import_export:qa:serverless
command: .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh rule_import_export:qa:serverless
key: rule_import_export:qa:serverless
agents:
queue: n2-4-spot
timeout_in_minutes: 120
retry:
automatic:
- exit_status: '1'
limit: 2
- label: Running rule_management:qa:serverless
command: .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh rule_management:qa:serverless
key: rule_management:qa:serverless
agents:
queue: n2-4-spot
timeout_in_minutes: 120
retry:
automatic:
- exit_status: '1'
limit: 2
- label: Running rule_read:qa:serverless
@ -300,9 +334,53 @@ steps:
- exit_status: '1'
limit: 2
- label: Running rules_management:essentials:qa:serverless
command: .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh rules_management:essentials:qa:serverless
key: rules_management:essentials:qa:serverless
- label: Running rule_read:essentials:qa:serverless
command: .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh rule_read:essentials:qa:serverless
key: rule_read:essentials:qa:serverless
agents:
queue: n2-4-spot
timeout_in_minutes: 120
retry:
automatic:
- exit_status: '1'
limit: 2
- label: Running rule_creation:qa:serverless
command: .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh rule_creation:qa:serverless
key: rule_creation:qa:serverless
agents:
queue: n2-4-spot
timeout_in_minutes: 120
retry:
automatic:
- exit_status: '1'
limit: 2
- label: Running rule_creation:essentials:qa:serverless
command: .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh rule_creation:essentials:qa:serverless
key: rule_creation:essentials:qa:serverless
agents:
queue: n2-4-spot
timeout_in_minutes: 120
retry:
automatic:
- exit_status: '1'
limit: 2
- label: Running rule_delete:qa:serverless
command: .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh rule_delete:qa:serverless
key: rule_delete:qa:serverless
agents:
queue: n2-4-spot
timeout_in_minutes: 120
retry:
automatic:
- exit_status: '1'
limit: 2
- label: Running rule_delete:essentials:qa:serverless
command: .buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh rule_delete:essentials:qa:serverless
key: rule_delete:essentials:qa:serverless
agents:
queue: n2-4-spot
timeout_in_minutes: 120
@ -332,3 +410,35 @@ steps:
automatic:
- exit_status: '1'
limit: 2
- label: Running user_roles:qa:serverless
command: .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh user_roles:qa:serverless
key: user_roles:qa:serverless
agents:
queue: n2-4-spot
timeout_in_minutes: 120
retry:
automatic:
- exit_status: '1'
limit: 2
- label: Running telemetry:qa:serverless
command: .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh telemetry:qa:serverless
key: telemetry:qa:serverless
agents:
queue: n2-4-spot
timeout_in_minutes: 120
retry:
automatic:
- exit_status: '1'
limit: 2
- label: Running entity_analytics:qa:serverless
command: .buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh entity_analytics:qa:serverless
key: entity_analytics:qa:serverless
agents:
queue: n2-4-spot
timeout_in_minutes: 120
retry:
automatic:
- exit_status: '1'
limit: 2
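Review bot: The steps in this file invoke two different scripts: `rule_patch:essentials:qa:serverless`, the `prebuilt_rules_*`, `rule_bulk_actions`, `rule_read` and `rule_import_export:essentials` steps run `.buildkite/scripts/pipelines/security_solution_quality_gate/api-integration-tests.sh`, while `rule_update:qa:serverless`, `rule_creation:qa:serverless`, `user_roles:qa:serverless`, `telemetry:qa:serverless` and `entity_analytics:qa:serverless` run `.buildkite/scripts/pipelines/security_solution_quality_gate/api_integration/api-integration-tests.sh`. The two paths differ only by the `api_integration/` directory; unless both scripts exist after this move, the steps pointing at the missing one fail when the job runs rather than at pipeline upload, so all steps should reference the same script. The rendering also shows `rule_read:essentials:qa:serverless`, `rule_read:qa:serverless`, `rule_import_export:qa:serverless` and `rule_management:qa:serverless` more than once; old and new lines are hard to tell apart here, but if both copies are on the new side the duplicate `key:` values will be rejected at upload, which is worth confirming.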

.github/CODEOWNERS vendored

@ -1257,7 +1257,7 @@ x-pack/plugins/cloud_integrations/cloud_full_story/server/config.ts @elastic/kib
# Security Solution
/x-pack/test/functional/es_archives/endpoint/ @elastic/security-solution
/x-pack/test/plugin_functional/test_suites/resolver/ @elastic/security-solution
/x-pack/test/detection_engine_api_integration @elastic/security-solution
/x-pack/test/security_solution_api_integration @elastic/security-solution
/x-pack/test/api_integration/apis/security_solution @elastic/security-solution
#CC# /x-pack/plugins/security_solution/ @elastic/security-solution


@ -27,7 +27,7 @@ export const allowedExperimentalValues = Object.freeze({
* we don't want people to be able to violate security by getting access to whole documents
* around telemetry they should not.
* @see telemetry_detection_rules_preview_route.ts
* @see test/detection_engine_api_integration/security_and_spaces/tests/telemetry/README.md
* @see test/security_solution_api_integration/test_suites/telemetry/README.md
*/
previewTelemetryUrlEnabled: false,
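Review bot: The updated `@see` reference points at `test/security_solution_api_integration/test_suites/telemetry/README.md`, but the telemetry configs registered in this same commit live under `test_suites/detections_response/telemetry/`, so the link is likely stale on arrival. If the README moved with the suite the comment should read `* @see test/security_solution_api_integration/test_suites/detections_response/telemetry/README.md`. This comment is the only in-code pointer to the rationale for keeping `previewTelemetryUrlEnabled` off (the preview route exposes whole documents), so it is worth keeping the reference resolvable. The enclosing `allowedExperimentalValues` object starts outside the hunk.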


@ -15,13 +15,13 @@ import { RiskEnrichmentFields } from '@kbn/security-solution-plugin/server/lib/d
import { AttachmentType, Case } from '@kbn/cases-plugin/common';
import { ALERT_CASE_IDS } from '@kbn/rule-data-utils';
import {
getRuleForSignalTesting,
getRuleForAlertTesting,
createRule,
waitForRuleSuccess,
waitForSignalsToBePresent,
getSignalsByIds,
getQuerySignalIds,
} from '../../../detection_engine_api_integration/utils';
waitForAlertsToBePresent,
getAlertsByIds,
getQueryAlertIds,
} from '../../../common/utils/security_solution';
import { superUser } from './authentication/users';
import { User } from './authentication/types';
import { getSpaceUrlPrefix } from './api/helpers';
@ -35,13 +35,13 @@ export const createSecuritySolutionAlerts = async (
numberOfSignals: number = 1
): Promise<estypes.SearchResponse<DetectionAlert & RiskEnrichmentFields>> => {
const rule = {
...getRuleForSignalTesting(['auditbeat-*']),
...getRuleForAlertTesting(['auditbeat-*']),
query: 'process.executable: "/usr/bin/sudo"',
};
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, numberOfSignals, [id]);
const signals = await getSignalsByIds(supertest, log, [id]);
await waitForAlertsToBePresent(supertest, log, numberOfSignals, [id]);
const signals = await getAlertsByIds(supertest, log, [id]);
return signals;
};
@ -53,7 +53,7 @@ export const getSecuritySolutionAlerts = async (
const { body: updatedAlert } = await supertest
.post(DETECTION_ENGINE_QUERY_SIGNALS_URL)
.set('kbn-xsrf', 'true')
.send(getQuerySignalIds(alertIds))
.send(getQueryAlertIds(alertIds))
.expect(200);
return updatedAlert;
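Review bot: The signal-to-alert rename stops at the import list: `createSecuritySolutionAlerts` still takes `numberOfSignals` and binds the result of `getAlertsByIds` to `signals` before returning it, so the body now mixes the old and new terminology for the same value. I would finish the rename locally, `const alerts = await getAlertsByIds(supertest, log, [id]); return alerts;` (or simply `return getAlertsByIds(supertest, log, [id]);`), and rename the positional parameter to `numberOfAlerts`, which does not affect callers. The same `const signals = await createSecuritySolutionAlerts(...)` pattern is left in the other cases test files touched by this commit. `createSecuritySolutionAlerts` starts before the hunk.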


@ -64,10 +64,10 @@ import {
} from '../../../../common/lib/constants';
import { User } from '../../../../common/lib/authentication/types';
import {
createSignalsIndex,
createAlertsIndex,
deleteAllRules,
deleteAllAlerts,
} from '../../../../../detection_engine_api_integration/utils';
} from '../../../../../common/utils/security_solution';
// eslint-disable-next-line import/no-default-export
export default ({ getService }: FtrProviderContext): void => {
@ -260,7 +260,7 @@ export default ({ getService }: FtrProviderContext): void => {
beforeEach(async () => {
await esArchiver.load('x-pack/test/functional/es_archives/auditbeat/hosts');
await createSignalsIndex(supertest, log);
await createAlertsIndex(supertest, log);
const signals = await createSecuritySolutionAlerts(supertest, log, 2);
alerts = [signals.hits.hits[0], signals.hits.hits[1]];
});


@ -44,16 +44,16 @@ import {
getConfigurationRequest,
} from '../../../../common/lib/api';
import {
createSignalsIndex,
createAlertsIndex,
deleteAllAlerts,
deleteAllRules,
getRuleForSignalTesting,
getRuleForAlertTesting,
waitForRuleSuccess,
waitForSignalsToBePresent,
getSignalsByIds,
waitForAlertsToBePresent,
getAlertsByIds,
createRule,
getQuerySignalIds,
} from '../../../../../detection_engine_api_integration/utils';
getQueryAlertIds,
} from '../../../../../common/utils/security_solution';
import {
globalRead,
noKibanaPrivileges,
@ -1714,7 +1714,7 @@ export default ({ getService }: FtrProviderContext): void => {
describe('detections rule', () => {
beforeEach(async () => {
await esArchiver.load('x-pack/test/functional/es_archives/auditbeat/hosts');
await createSignalsIndex(supertest, log);
await createAlertsIndex(supertest, log);
});
afterEach(async () => {
@ -1725,15 +1725,15 @@ export default ({ getService }: FtrProviderContext): void => {
it('updates alert status when the status is updated and syncAlerts=true', async () => {
const rule = {
...getRuleForSignalTesting(['auditbeat-*']),
...getRuleForAlertTesting(['auditbeat-*']),
query: 'process.executable: "/usr/bin/sudo"',
};
const postedCase = await createCase(supertest, postCaseReq);
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signals = await getSignalsByIds(supertest, log, [id]);
await waitForAlertsToBePresent(supertest, log, 1, [id]);
const signals = await getAlertsByIds(supertest, log, [id]);
const alert = signals.hits.hits[0];
expect(alert._source?.[ALERT_WORKFLOW_STATUS]).eql('open');
@ -1774,7 +1774,7 @@ export default ({ getService }: FtrProviderContext): void => {
const { body: updatedAlert } = await supertest
.post(DETECTION_ENGINE_QUERY_SIGNALS_URL)
.set('kbn-xsrf', 'true')
.send(getQuerySignalIds([alert._id]))
.send(getQueryAlertIds([alert._id]))
.expect(200);
expect(updatedAlert.hits.hits[0]._source?.['kibana.alert.workflow_status']).eql(
@ -1784,7 +1784,7 @@ export default ({ getService }: FtrProviderContext): void => {
it('does NOT updates alert status when the status is updated and syncAlerts=false', async () => {
const rule = {
...getRuleForSignalTesting(['auditbeat-*']),
...getRuleForAlertTesting(['auditbeat-*']),
query: 'process.executable: "/usr/bin/sudo"',
};
@ -1795,8 +1795,8 @@ export default ({ getService }: FtrProviderContext): void => {
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signals = await getSignalsByIds(supertest, log, [id]);
await waitForAlertsToBePresent(supertest, log, 1, [id]);
const signals = await getAlertsByIds(supertest, log, [id]);
const alert = signals.hits.hits[0];
expect(alert._source?.[ALERT_WORKFLOW_STATUS]).eql('open');
@ -1832,7 +1832,7 @@ export default ({ getService }: FtrProviderContext): void => {
const { body: updatedAlert } = await supertest
.post(DETECTION_ENGINE_QUERY_SIGNALS_URL)
.set('kbn-xsrf', 'true')
.send(getQuerySignalIds([alert._id]))
.send(getQueryAlertIds([alert._id]))
.expect(200);
expect(updatedAlert.hits.hits[0]._source?.['kibana.alert.workflow_status']).eql('open');
@ -1840,7 +1840,7 @@ export default ({ getService }: FtrProviderContext): void => {
it('it updates alert status when syncAlerts is turned on', async () => {
const rule = {
...getRuleForSignalTesting(['auditbeat-*']),
...getRuleForAlertTesting(['auditbeat-*']),
query: 'process.executable: "/usr/bin/sudo"',
};
@ -1851,8 +1851,8 @@ export default ({ getService }: FtrProviderContext): void => {
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signals = await getSignalsByIds(supertest, log, [id]);
await waitForAlertsToBePresent(supertest, log, 1, [id]);
const signals = await getAlertsByIds(supertest, log, [id]);
const alert = signals.hits.hits[0];
expect(alert._source?.[ALERT_WORKFLOW_STATUS]).eql('open');
@ -1906,7 +1906,7 @@ export default ({ getService }: FtrProviderContext): void => {
const { body: updatedAlert } = await supertest
.post(DETECTION_ENGINE_QUERY_SIGNALS_URL)
.set('kbn-xsrf', 'true')
.send(getQuerySignalIds([alert._id]))
.send(getQueryAlertIds([alert._id]))
.expect(200);
expect(updatedAlert.hits.hits[0]._source?.['kibana.alert.workflow_status']).eql(
@ -1916,15 +1916,15 @@ export default ({ getService }: FtrProviderContext): void => {
it('it does NOT updates alert status when syncAlerts is turned off', async () => {
const rule = {
...getRuleForSignalTesting(['auditbeat-*']),
...getRuleForAlertTesting(['auditbeat-*']),
query: 'process.executable: "/usr/bin/sudo"',
};
const postedCase = await createCase(supertest, postCaseReq);
const { id } = await createRule(supertest, log, rule);
await waitForRuleSuccess({ supertest, log, id });
await waitForSignalsToBePresent(supertest, log, 1, [id]);
const signals = await getSignalsByIds(supertest, log, [id]);
await waitForAlertsToBePresent(supertest, log, 1, [id]);
const signals = await getAlertsByIds(supertest, log, [id]);
const alert = signals.hits.hits[0];
expect(alert._source?.[ALERT_WORKFLOW_STATUS]).eql('open');
@ -1975,7 +1975,7 @@ export default ({ getService }: FtrProviderContext): void => {
const { body: updatedAlert } = await supertest
.post(DETECTION_ENGINE_QUERY_SIGNALS_URL)
.set('kbn-xsrf', 'true')
.send(getQuerySignalIds([alert._id]))
.send(getQueryAlertIds([alert._id]))
.expect(200);
expect(updatedAlert.hits.hits[0]._source['kibana.alert.workflow_status']).eql('open');


@ -14,10 +14,10 @@ import {
getSecuritySolutionAlerts,
} from '../../../../common/lib/alerts';
import {
createSignalsIndex,
createAlertsIndex,
deleteAllAlerts,
deleteAllRules,
} from '../../../../../detection_engine_api_integration/utils';
} from '../../../../../common/utils/security_solution';
import { FtrProviderContext } from '../../../../common/ftr_provider_context';
import { getPostCaseRequest, postCaseReq, postCommentUserReq } from '../../../../common/lib/mock';
@ -125,7 +125,7 @@ export default ({ getService }: FtrProviderContext): void => {
beforeEach(async () => {
await esArchiver.load('x-pack/test/functional/es_archives/auditbeat/hosts');
await createSignalsIndex(supertest, log);
await createAlertsIndex(supertest, log);
const signals = await createSecuritySolutionAlerts(supertest, log, 2);
alerts = [signals.hits.hits[0], signals.hits.hits[1]];
});


@ -14,10 +14,10 @@ import {
getSecuritySolutionAlerts,
} from '../../../../common/lib/alerts';
import {
createSignalsIndex,
createAlertsIndex,
deleteAllAlerts,
deleteAllRules,
} from '../../../../../detection_engine_api_integration/utils';
} from '../../../../../common/utils/security_solution';
import { FtrProviderContext } from '../../../../common/ftr_provider_context';
import {
@ -127,7 +127,7 @@ export default ({ getService }: FtrProviderContext): void => {
beforeEach(async () => {
await esArchiver.load('x-pack/test/functional/es_archives/auditbeat/hosts');
await createSignalsIndex(supertest, log);
await createAlertsIndex(supertest, log);
const signals = await createSecuritySolutionAlerts(supertest, log, 2);
alerts = [signals.hits.hits[0], signals.hits.hits[1]];
});


@ -46,10 +46,10 @@ import {
bulkCreateAttachments,
} from '../../../../common/lib/api';
import {
createSignalsIndex,
createAlertsIndex,
deleteAllAlerts,
deleteAllRules,
} from '../../../../../detection_engine_api_integration/utils';
} from '../../../../../common/utils/security_solution';
import {
globalRead,
noKibanaPrivileges,
@ -546,7 +546,7 @@ export default ({ getService }: FtrProviderContext): void => {
describe('security_solution', () => {
beforeEach(async () => {
await esArchiver.load('x-pack/test/functional/es_archives/auditbeat/hosts');
await createSignalsIndex(supertest, log);
await createAlertsIndex(supertest, log);
});
afterEach(async () => {


@ -45,10 +45,10 @@ import {
createComment,
} from '../../../../common/lib/api';
import {
createSignalsIndex,
createAlertsIndex,
deleteAllAlerts,
deleteAllRules,
} from '../../../../../detection_engine_api_integration/utils';
} from '../../../../../common/utils/security_solution';
import {
globalRead,
noKibanaPrivileges,
@ -796,7 +796,7 @@ export default ({ getService }: FtrProviderContext): void => {
describe('security_solution', () => {
beforeEach(async () => {
await esArchiver.load('x-pack/test/functional/es_archives/auditbeat/hosts');
await createSignalsIndex(supertest, log);
await createAlertsIndex(supertest, log);
});
afterEach(async () => {


@ -0,0 +1,14 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
export * from './create_alerts_index';
export * from './delete_all_alerts';
export * from './get_query_alert_ids';
export * from './get_query_alerts_ids';
export * from './get_alerts_by_ids';
export * from './get_alerts_by_id';
export * from './wait_for_alerts_to_be_present';
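Review bot: The new barrel re-exports two module pairs whose names differ only in plurality — `./get_query_alert_ids` beside `./get_query_alerts_ids`, and `./get_alerts_by_ids` beside `./get_alerts_by_id` — with nothing here telling a reader which is which. Judging from the legacy helpers removed elsewhere in this commit (`getQuerySignalIds` filtered on `_id`, `getQuerySignalsId` on `ALERT_RULE_UUID`), the first pair presumably still differ in that way, so a one-line comment on each export would spare the next reader a trip into the modules, e.g. `// get_query_alert_ids: lookup by alert _id; get_query_alerts_ids: lookup by rule uuid` — confirm the wording against the new modules. It is also worth confirming that each pair exports distinctly named symbols, since the compiler rejects an `export *` pair that re-exports the same name as ambiguous.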


@ -5,8 +5,8 @@
* 2.0.
*/
import { GenericFtrProviderContext } from '@kbn/test';
import { services } from './services';
export type FtrProviderContext = GenericFtrProviderContext<typeof services, {}>;
export * from './rules';
export * from './alerts';
export * from './count_down_test';
export * from './route_with_namespace';
export * from './wait_for';


@ -5,12 +5,8 @@
* 2.0.
*/
import type { SignalIds } from '@kbn/security-solution-plugin/common/api/detection_engine';
export const getQuerySignalIds = (signalIds: SignalIds) => ({
query: {
terms: {
_id: signalIds,
},
},
});
export * from './create_rule';
export * from './delete_all_rules';
export * from './delete_rule';
export * from './get_rule_for_alert_testing';
export * from './wait_for_rule_status';


@ -5,4 +5,4 @@
* 2.0.
*/
export { services } from '../../api_integration/services';
export * from './detections_response';


@ -1,26 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import { FtrProviderContext } from '../../common/ftr_provider_context';
// eslint-disable-next-line import/no-default-export
export default ({ loadTestFile }: FtrProviderContext): void => {
describe('detection engine api basic license', function () {
loadTestFile(require.resolve('./create_rules_bulk'));
loadTestFile(require.resolve('./delete_rules'));
loadTestFile(require.resolve('./delete_rules_bulk'));
loadTestFile(require.resolve('./export_rules'));
loadTestFile(require.resolve('./find_rules'));
loadTestFile(require.resolve('./import_rules'));
loadTestFile(require.resolve('./read_rules'));
loadTestFile(require.resolve('./update_rules'));
loadTestFile(require.resolve('./update_rules_bulk'));
loadTestFile(require.resolve('./patch_rules_bulk'));
loadTestFile(require.resolve('./patch_rules'));
loadTestFile(require.resolve('./import_timelines'));
});
};


@ -1,105 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import { CA_CERT_PATH } from '@kbn/dev-utils';
import { FtrConfigProviderContext } from '@kbn/test';
import { services } from './services';
interface CreateTestConfigOptions {
license: string;
ssl?: boolean;
}
// test.not-enabled is specifically not enabled
const enabledActionTypes = [
'.email',
'.index',
'.pagerduty',
'.swimlane',
'.server-log',
'.servicenow',
'.slack',
'.webhook',
'test.authorization',
'test.failing',
'test.index-record',
'test.noop',
'test.rate-limit',
];
export function createTestConfig(options: CreateTestConfigOptions, testFiles?: string[]) {
const { license = 'trial', ssl = false } = options;
return async ({ readConfigFile }: FtrConfigProviderContext) => {
const xPackApiIntegrationTestsConfig = await readConfigFile(
require.resolve('../../api_integration/config.ts')
);
const servers = {
...xPackApiIntegrationTestsConfig.get('servers'),
elasticsearch: {
...xPackApiIntegrationTestsConfig.get('servers.elasticsearch'),
protocol: ssl ? 'https' : 'http',
},
};
return {
testFiles,
servers,
services,
junit: {
reportName: 'X-Pack Detection Engine API Integration Tests',
},
esTestCluster: {
...xPackApiIntegrationTestsConfig.get('esTestCluster'),
license,
ssl,
serverArgs: [`xpack.license.self_generated.type=${license}`],
},
kbnTestServer: {
...xPackApiIntegrationTestsConfig.get('kbnTestServer'),
serverArgs: [
...xPackApiIntegrationTestsConfig.get('kbnTestServer.serverArgs'),
`--xpack.actions.allowedHosts=${JSON.stringify(['localhost', 'some.non.existent.com'])}`,
`--xpack.actions.enabledActionTypes=${JSON.stringify(enabledActionTypes)}`,
'--xpack.eventLog.logEntries=true',
`--xpack.securitySolution.alertIgnoreFields=${JSON.stringify([
'testing_ignored.constant',
'/testing_regex*/',
])}`, // See tests within the file "ignore_fields.ts" which use these values in "alertIgnoreFields"
'--xpack.ruleRegistry.write.enabled=true',
'--xpack.ruleRegistry.write.cache.enabled=false',
'--xpack.ruleRegistry.unsafe.indexUpgrade.enabled=true',
'--xpack.ruleRegistry.unsafe.legacyMultiTenancy.enabled=true',
`--xpack.securitySolution.enableExperimental=${JSON.stringify([
'previewTelemetryUrlEnabled',
])}`,
'--xpack.task_manager.poll_interval=1000',
`--xpack.actions.preconfigured=${JSON.stringify({
'my-test-email': {
actionTypeId: '.email',
name: 'TestEmail#xyz',
config: {
from: 'me@test.com',
service: '__json',
},
secrets: {
user: 'user',
password: 'password',
},
},
})}`,
...(ssl
? [
`--elasticsearch.hosts=${servers.elasticsearch.protocol}://${servers.elasticsearch.hostname}:${servers.elasticsearch.port}`,
`--elasticsearch.ssl.certificateAuthorities=${CA_CERT_PATH}`,
]
: []),
],
},
};
};
}


@ -1,22 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
/**
* Useful for export_api testing to convert from a multi-part binary back to a string
* @param res Response
* @param callback Callback
*/
export const binaryToString = (res: any, callback: any): void => {
res.setEncoding('binary');
res.data = '';
res.on('data', (chunk: any) => {
res.data += chunk;
});
res.on('end', () => {
callback(null, Buffer.from(res.data));
});
};


@ -1,46 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import type { TransportResult } from '@elastic/elasticsearch';
import type { ToolingLog } from '@kbn/tooling-log';
import { countDownTest } from './count_down_test';
/**
* Does a plain countdown and checks against es queries for either conflicts in the error
* or for any over the wire issues such as timeouts or temp 404's to make the tests more
* reliant.
* @param esFunction The function to test against
* @param esFunctionName The name of the function to print if we encounter errors
* @param log The tooling logger
* @param retryCount The number of times to retry before giving up (has default)
* @param timeoutWait Time to wait before trying again (has default)
*/
export const countDownES = async (
esFunction: () => Promise<TransportResult<Record<string, any>, unknown>>,
esFunctionName: string,
log: ToolingLog,
retryCount: number = 50,
timeoutWait = 250
): Promise<void> => {
await countDownTest(
async () => {
const result = await esFunction();
if (result.body.version_conflicts !== 0) {
return {
passed: false,
errorMessage: 'Version conflicts for ${result.body.version_conflicts}',
};
} else {
return { passed: true };
}
},
esFunctionName,
log,
retryCount,
timeoutWait
);
};


@ -1,74 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import type { ToolingLog } from '@kbn/tooling-log';
import type SuperTest from 'supertest';
import type {
RuleCreateProps,
RuleResponse,
} from '@kbn/security-solution-plugin/common/api/detection_engine';
import { DETECTION_ENGINE_RULES_URL } from '@kbn/security-solution-plugin/common/constants';
import { deleteRule } from './delete_rule';
import { routeWithNamespace } from './route_with_namespace';
/**
* Helper to cut down on the noise in some of the tests. If this detects
* a conflict it will try to manually remove the rule before re-adding the rule one time and log
* and error about the race condition.
* rule a second attempt. It only re-tries adding the rule if it encounters a conflict once.
* @param supertest The supertest deps
* @param log The tooling logger
* @param rule The rule to create
*/
export const createRule = async (
supertest: SuperTest.SuperTest<SuperTest.Test>,
log: ToolingLog,
rule: RuleCreateProps,
namespace?: string
): Promise<RuleResponse> => {
const route = routeWithNamespace(DETECTION_ENGINE_RULES_URL, namespace);
const response = await supertest
.post(route)
.set('kbn-xsrf', 'true')
.set('elastic-api-version', '2023-10-31')
.send(rule);
if (response.status === 409) {
if (rule.rule_id != null) {
log.debug(
`Did not get an expected 200 "ok" when creating a rule (createRule). CI issues could happen. Suspect this line if you are seeing CI issues. body: ${JSON.stringify(
response.body
)}, status: ${JSON.stringify(response.status)}`
);
await deleteRule(supertest, rule.rule_id);
const secondResponseTry = await supertest
.post(DETECTION_ENGINE_RULES_URL)
.set('kbn-xsrf', 'true')
.set('elastic-api-version', '2023-10-31')
.send(rule);
if (secondResponseTry.status !== 200) {
throw new Error(
`Unexpected non 200 ok when attempting to create a rule (second try): ${JSON.stringify(
response.body
)}`
);
} else {
return secondResponseTry.body;
}
} else {
throw new Error('When creating a rule found an unexpected conflict (404)');
}
} else if (response.status !== 200) {
throw new Error(
`Unexpected non 200 ok when attempting to create a rule: ${JSON.stringify(
response.status
)},${JSON.stringify(response, null, 4)}`
);
} else {
return response.body;
}
};


@ -1,35 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import type SuperTest from 'supertest';
import { Rule } from '@kbn/alerting-plugin/common';
import {
BaseRuleParams,
InternalRuleCreate,
} from '@kbn/security-solution-plugin/server/lib/detection_engine/rule_schema';
/**
* Creates a rule using the alerting APIs directly.
* This allows us to test some legacy types that are not exposed
* on our APIs
*
* @param supertest
*/
export const createRuleThroughAlertingEndpoint = async (
supertest: SuperTest.SuperTest<SuperTest.Test>,
rule: InternalRuleCreate
): Promise<Rule<BaseRuleParams>> => {
const { body } = await supertest
.post('/api/alerting/rule')
.set('kbn-xsrf', 'true')
.set('elastic-api-version', '2023-10-31')
.send(rule)
.expect(200);
return body;
};


@ -1,37 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import type SuperTest from 'supertest';
import { ToolingLog } from '@kbn/tooling-log';
import { DETECTION_ENGINE_INDEX_URL } from '@kbn/security-solution-plugin/common/constants';
import { countDownTest } from './count_down_test';
/**
* Creates the signals index for use inside of beforeEach blocks of tests
* This will retry 50 times before giving up and hopefully still not interfere with other tests
* @param supertest The supertest client library
*/
export const createSignalsIndex = async (
supertest: SuperTest.SuperTest<SuperTest.Test>,
log: ToolingLog
): Promise<void> => {
await countDownTest(
async () => {
await supertest
.post(DETECTION_ENGINE_INDEX_URL)
.set('kbn-xsrf', 'true')
.set('elastic-api-version', '2023-10-31')
.send();
return {
passed: true,
};
},
'createSignalsIndex',
log
);
};


@ -1,49 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import type SuperTest from 'supertest';
import type { ToolingLog } from '@kbn/tooling-log';
import type { Client } from '@elastic/elasticsearch';
import { DETECTION_ENGINE_INDEX_URL } from '@kbn/security-solution-plugin/common/constants';
import { countDownTest } from './count_down_test';
/**
* Deletes all alerts from a given index or indices, defaults to `.alerts-security.alerts-*`
* For use inside of afterEach blocks of tests
*/
export const deleteAllAlerts = async (
supertest: SuperTest.SuperTest<SuperTest.Test>,
log: ToolingLog,
es: Client,
index: Array<'.alerts-security.alerts-*' | '.preview.alerts-security.alerts-*'> = [
'.alerts-security.alerts-*',
]
): Promise<void> => {
await countDownTest(
async () => {
await supertest
.delete(DETECTION_ENGINE_INDEX_URL)
.set('kbn-xsrf', 'true')
.set('elastic-api-version', '2023-10-31')
.send();
await es.deleteByQuery({
index,
body: {
query: {
match_all: {},
},
},
refresh: true,
});
return {
passed: true,
};
},
'deleteAllAlerts',
log
);
};


@ -1,47 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import type { ToolingLog } from '@kbn/tooling-log';
import type SuperTest from 'supertest';
import {
DETECTION_ENGINE_RULES_BULK_ACTION,
DETECTION_ENGINE_RULES_URL,
} from '@kbn/security-solution-plugin/common/constants';
import { countDownTest } from './count_down_test';
/**
* Removes all rules by looping over any found and removing them from REST.
* @param supertest The supertest agent.
*/
export const deleteAllRules = async (
supertest: SuperTest.SuperTest<SuperTest.Test>,
log: ToolingLog
): Promise<void> => {
await countDownTest(
async () => {
await supertest
.post(DETECTION_ENGINE_RULES_BULK_ACTION)
.send({ action: 'delete', query: '' })
.set('kbn-xsrf', 'true')
.set('elastic-api-version', '2023-10-31');
const { body: finalCheck } = await supertest
.get(`${DETECTION_ENGINE_RULES_URL}/_find`)
.set('kbn-xsrf', 'true')
.set('elastic-api-version', '2023-10-31')
.send();
return {
passed: finalCheck.data.length === 0,
};
},
'deleteAllRules',
log,
50,
1000
);
};


@ -1,97 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import type { RuleCreateProps } from '@kbn/security-solution-plugin/common/api/detection_engine';
/**
* This will return a complex rule with all the outputs possible
* @param ruleId The ruleId to set which is optional and defaults to rule-1
*/
export const getComplexRule = (ruleId = 'rule-1'): RuleCreateProps => ({
actions: [],
author: [],
name: 'Complex Rule Query',
description: 'Complex Rule Query',
false_positives: [
'https://www.example.com/some-article-about-a-false-positive',
'some text string about why another condition could be a false positive',
],
risk_score: 1,
risk_score_mapping: [],
rule_id: ruleId,
filters: [
{
query: {
match_phrase: {
'host.name': 'siem-windows',
},
},
},
],
enabled: false,
index: ['auditbeat-*', 'filebeat-*'],
interval: '5m',
output_index: '',
meta: {
anything_you_want_ui_related_or_otherwise: {
as_deep_structured_as_you_need: {
any_data_type: {},
},
},
},
max_signals: 10,
tags: ['tag 1', 'tag 2', 'any tag you want'],
to: 'now',
from: 'now-6m',
severity: 'high',
severity_mapping: [],
language: 'kuery',
type: 'query',
threat: [
{
framework: 'MITRE ATT&CK',
tactic: {
id: 'TA0040',
name: 'impact',
reference: 'https://attack.mitre.org/tactics/TA0040/',
},
technique: [
{
id: 'T1499',
name: 'endpoint denial of service',
reference: 'https://attack.mitre.org/techniques/T1499/',
},
],
},
{
framework: 'Some other Framework you want',
tactic: {
id: 'some-other-id',
name: 'Some other name',
reference: 'https://example.com',
},
technique: [
{
id: 'some-other-id',
name: 'some other technique name',
reference: 'https://example.com',
},
],
},
],
references: [
'http://www.example.com/some-article-about-attack',
'Some plain text string here explaining why this is a valid thing to look out for',
],
timeline_id: 'timeline_id',
timeline_title: 'timeline_title',
note: '# some investigation documentation',
version: 1,
query: 'user.name: root or user.name: admin',
throttle: 'no_actions',
exceptions_list: [],
});


@ -1,105 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import type { RuleResponse } from '@kbn/security-solution-plugin/common/api/detection_engine';
// TODO: Follow up https://github.com/elastic/kibana/pull/137628 and add an explicit type to this object
// without using Partial
/**
* This will return a complex rule with all the outputs possible
* @param ruleId The ruleId to set which is optional and defaults to rule-1
*/
export const getComplexRuleOutput = (ruleId = 'rule-1'): Partial<RuleResponse> => ({
actions: [],
author: [],
created_by: 'elastic',
name: 'Complex Rule Query',
description: 'Complex Rule Query',
false_positives: [
'https://www.example.com/some-article-about-a-false-positive',
'some text string about why another condition could be a false positive',
],
risk_score: 1,
risk_score_mapping: [],
rule_id: ruleId,
filters: [
{
query: {
match_phrase: {
'host.name': 'siem-windows',
},
},
},
],
enabled: false,
index: ['auditbeat-*', 'filebeat-*'],
immutable: false,
interval: '5m',
output_index: '',
meta: {
anything_you_want_ui_related_or_otherwise: {
as_deep_structured_as_you_need: {
any_data_type: {},
},
},
},
max_signals: 10,
tags: ['tag 1', 'tag 2', 'any tag you want'],
to: 'now',
from: 'now-6m',
revision: 0,
severity: 'high',
severity_mapping: [],
language: 'kuery',
type: 'query',
threat: [
{
framework: 'MITRE ATT&CK',
tactic: {
id: 'TA0040',
name: 'impact',
reference: 'https://attack.mitre.org/tactics/TA0040/',
},
technique: [
{
id: 'T1499',
name: 'endpoint denial of service',
reference: 'https://attack.mitre.org/techniques/T1499/',
},
],
},
{
framework: 'Some other Framework you want',
tactic: {
id: 'some-other-id',
name: 'Some other name',
reference: 'https://example.com',
},
technique: [
{
id: 'some-other-id',
name: 'some other technique name',
reference: 'https://example.com',
},
],
},
],
references: [
'http://www.example.com/some-article-about-attack',
'Some plain text string here explaining why this is a valid thing to look out for',
],
timeline_id: 'timeline_id',
timeline_title: 'timeline_title',
updated_by: 'elastic',
note: '# some investigation documentation',
version: 1,
query: 'user.name: root or user.name: admin',
exceptions_list: [],
related_integrations: [],
required_fields: [],
setup: '',
});


@ -1,23 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import { ALERT_RULE_UUID } from '@kbn/rule-data-utils';
/**
* Given an array of ids for a test this will get the signals
* created from that rule's regular id.
* @param ids The rule_id to search for signals
*/
export const getQuerySignalsId = (ids: string[], size = 10) => ({
size,
sort: ['@timestamp'],
query: {
terms: {
[ALERT_RULE_UUID]: ids,
},
},
});


@ -1,32 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import type { QueryRuleCreateProps } from '@kbn/security-solution-plugin/common/api/detection_engine';
/**
* This is a typical signal testing rule that is easy for most basic testing of output of signals.
* It starts out in an enabled true state. The 'from' is set very far back to test the basics of signal
* creation and testing by getting all the signals at once.
* @param ruleId The optional ruleId which is rule-1 by default.
* @param enabled Enables the rule on creation or not. Defaulted to true.
*/
export const getRuleForSignalTesting = (
index: string[],
ruleId = 'rule-1',
enabled = true
): QueryRuleCreateProps => ({
name: 'Signal Testing Query',
description: 'Tests a simple query',
enabled,
risk_score: 1,
rule_id: ruleId,
severity: 'high',
index,
type: 'query',
query: '*:*',
from: '1900-01-01T00:00:00.000Z',
});


@ -1,59 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import { SearchResponse } from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
import type { ToolingLog } from '@kbn/tooling-log';
import type SuperTest from 'supertest';
import type { DetectionAlert } from '@kbn/security-solution-plugin/common/api/detection_engine';
import type { RiskEnrichmentFields } from '@kbn/security-solution-plugin/server/lib/detection_engine/rule_types/utils/enrichments/types';
import { DETECTION_ENGINE_QUERY_SIGNALS_URL } from '@kbn/security-solution-plugin/common/constants';
import { countDownTest } from './count_down_test';
import { getQuerySignalsId } from './get_query_signals_ids';
import { routeWithNamespace } from './route_with_namespace';
/**
* Given an array of rule ids this will return only signals based on that rule id both
* open and closed
* @param supertest agent
* @param ids Array of the rule ids
*/
export const getSignalsByIds = async (
supertest: SuperTest.SuperTest<SuperTest.Test>,
log: ToolingLog,
ids: string[],
size?: number,
namespace?: string
): Promise<SearchResponse<DetectionAlert & RiskEnrichmentFields>> => {
const signalsOpen = await countDownTest<SearchResponse<DetectionAlert & RiskEnrichmentFields>>(
async () => {
const route = routeWithNamespace(DETECTION_ENGINE_QUERY_SIGNALS_URL, namespace);
const response = await supertest
.post(route)
.set('kbn-xsrf', 'true')
.send(getQuerySignalsId(ids, size));
if (response.status !== 200) {
return {
passed: false,
errorMessage: `Status is not 200 as expected, it is: ${response.status}`,
};
} else {
return {
passed: true,
returnValue: response.body,
};
}
},
'getSignalsByIds',
log
);
if (signalsOpen == null) {
throw new Error('Signals not defined after countdown, cannot continue');
} else {
return signalsOpen;
}
};


@ -1,25 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import type { RuleUpdateProps } from '@kbn/security-solution-plugin/common/api/detection_engine';
/**
* This is a representative ML rule payload as expected by the server for an update
* @param ruleId The rule id
* @param enabled Set to tru to enable it, by default it is off
*/
export const getSimpleMlRuleUpdate = (ruleId = 'rule-1', enabled = false): RuleUpdateProps => ({
name: 'Simple ML Rule',
description: 'Simple Machine Learning Rule',
enabled,
anomaly_threshold: 44,
risk_score: 1,
rule_id: ruleId,
severity: 'high',
machine_learning_job_id: ['some_job_id'],
type: 'machine_learning',
});


@ -1,25 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import type { QueryRuleCreateProps } from '@kbn/security-solution-plugin/common/api/detection_engine';
/**
* This is a typical simple rule for testing that is easy for most basic testing
* @param ruleId
* @param enabled Enables the rule on creation or not. Defaulted to true.
*/
export const getSimpleRule = (ruleId = 'rule-1', enabled = false): QueryRuleCreateProps => ({
name: 'Simple Rule Query',
description: 'Simple Rule Query',
enabled,
risk_score: 1,
rule_id: ruleId,
severity: 'high',
index: ['auditbeat-*'],
type: 'query',
query: 'user.name: root or user.name: admin',
});


@ -1,21 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import { getSimpleRule } from './get_simple_rule';
/**
* Given an array of rule_id strings this will return a ndjson buffer which is useful
* for testing uploads.
* @param ruleIds Array of strings of rule_ids
*/
export const getSimpleRuleAsNdjson = (ruleIds: string[], enabled = false): Buffer => {
const stringOfRules = ruleIds.map((ruleId) => {
const simpleRule = getSimpleRule(ruleId, enabled);
return JSON.stringify(simpleRule);
});
return Buffer.from(stringOfRules.join('\n'));
};


@ -1,85 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import type {
RuleResponse,
SharedResponseProps,
} from '@kbn/security-solution-plugin/common/api/detection_engine';
import { removeServerGeneratedProperties } from './remove_server_generated_properties';
export const getMockSharedResponseSchema = (
ruleId = 'rule-1',
enabled = false
): SharedResponseProps => ({
actions: [],
author: [],
created_by: 'elastic',
description: 'Simple Rule Query',
enabled,
false_positives: [],
from: 'now-6m',
immutable: false,
interval: '5m',
rule_id: ruleId,
output_index: '',
max_signals: 100,
related_integrations: [],
required_fields: [],
risk_score: 1,
risk_score_mapping: [],
name: 'Simple Rule Query',
references: [],
setup: '',
severity: 'high' as const,
severity_mapping: [],
updated_by: 'elastic',
tags: [],
to: 'now',
threat: [],
throttle: undefined,
exceptions_list: [],
version: 1,
revision: 0,
id: 'id',
updated_at: '2020-07-08T16:36:32.377Z',
created_at: '2020-07-08T16:36:32.377Z',
building_block_type: undefined,
note: undefined,
license: undefined,
outcome: undefined,
alias_target_id: undefined,
alias_purpose: undefined,
timeline_id: undefined,
timeline_title: undefined,
meta: undefined,
rule_name_override: undefined,
timestamp_override: undefined,
timestamp_override_fallback_disabled: undefined,
namespace: undefined,
investigation_fields: undefined,
});
const getQueryRuleOutput = (ruleId = 'rule-1', enabled = false): RuleResponse => ({
...getMockSharedResponseSchema(ruleId, enabled),
index: ['auditbeat-*'],
language: 'kuery',
query: 'user.name: root or user.name: admin',
type: 'query',
data_view_id: undefined,
filters: undefined,
saved_id: undefined,
response_actions: undefined,
alert_suppression: undefined,
});
/**
* This is the typical output of a simple rule that Kibana will output with all the defaults
* except for the server generated properties. Useful for testing end to end tests.
*/
export const getSimpleRuleOutput = (ruleId = 'rule-1', enabled = false) => {
return removeServerGeneratedProperties(getQueryRuleOutput(ruleId, enabled));
};


@ -1,21 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import { getSimpleRuleOutput } from './get_simple_rule_output';
import { RuleWithoutServerGeneratedProperties } from './remove_server_generated_properties';
/**
* This is the typical output of a simple rule that Kibana will output with all the defaults except
* for all the server generated properties such as created_by. Useful for testing end to end tests.
*/
export const getSimpleRuleOutputWithoutRuleId = (
ruleId = 'rule-1'
): Omit<RuleWithoutServerGeneratedProperties, 'rule_id'> => {
const rule = getSimpleRuleOutput(ruleId);
const { rule_id: rId, ...ruleWithoutRuleId } = rule;
return ruleWithoutRuleId;
};


@ -1,25 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import type { RuleUpdateProps } from '@kbn/security-solution-plugin/common/api/detection_engine';
/**
* This is a typical simple rule for testing that is easy for most basic testing
* @param ruleId The rule id
* @param enabled Set to true to enable it, by default it is off
*/
export const getSimpleRuleUpdate = (ruleId = 'rule-1', enabled = false): RuleUpdateProps => ({
name: 'Simple Rule Query',
description: 'Simple Rule Query',
enabled,
risk_score: 1,
rule_id: ruleId,
severity: 'high',
index: ['auditbeat-*'],
type: 'query',
query: 'user.name: root or user.name: admin',
});


@ -1,19 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import type { RuleCreateProps } from '@kbn/security-solution-plugin/common/api/detection_engine';
import { getSimpleRule } from './get_simple_rule';
/**
* This is a typical simple rule for testing that is easy for most basic testing
*/
export const getSimpleRuleWithoutRuleId = (): RuleCreateProps => {
const simpleRule = getSimpleRule();
// eslint-disable-next-line @typescript-eslint/naming-convention
const { rule_id, ...ruleWithoutId } = simpleRule;
return ruleWithoutId;
};


@ -1,41 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
export * from './binary_to_string';
export * from './count_down_es';
export * from './count_down_test';
export * from './create_rule';
export * from './create_rule_saved_object';
export * from './create_signals_index';
export * from './delete_all_rules';
export * from './delete_all_alerts';
export * from './delete_all_timelines';
export * from './get_complex_rule';
export * from './get_complex_rule_output';
export * from './get_simple_rule';
export * from './get_simple_rule_output';
export * from './get_simple_rule_output_without_rule_id';
export * from './get_simple_rule_without_rule_id';
export * from './route_with_namespace';
export * from './remove_server_generated_properties';
export * from './remove_server_generated_properties_including_rule_id';
export * from './rule_to_update_schema';
export * from './update_rule';
export * from './wait_for';
export * from './wait_for_rule_status';
export * from './prebuilt_rules/create_prebuilt_rule_saved_objects';
export * from './prebuilt_rules/install_prebuilt_rules_and_timelines';
export * from './get_simple_rule_update';
export * from './get_simple_ml_rule_update';
export * from './get_simple_rule_as_ndjson';
export * from './rule_to_ndjson';
export * from './delete_rule';
export * from './get_query_signal_ids';
export * from './get_query_signals_ids';
export * from './get_signals_by_ids';
export * from './wait_for_signals_to_be_present';
export * from './get_rule_for_signal_testing';


@ -1,113 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import { Client } from '@elastic/elasticsearch';
import { PrebuiltRuleAsset } from '@kbn/security-solution-plugin/server/lib/detection_engine/prebuilt_rules';
import {
getPrebuiltRuleMock,
getPrebuiltRuleWithExceptionsMock,
} from '@kbn/security-solution-plugin/server/lib/detection_engine/prebuilt_rules/mocks';
import { ELASTIC_SECURITY_RULE_ID } from '@kbn/security-solution-plugin/common';
import { SECURITY_SOLUTION_SAVED_OBJECT_INDEX } from '@kbn/core-saved-objects-server';
/**
* A helper function to create a rule asset saved object
*
* @param overrideParams Params to override the default mock
* @returns Created rule asset saved object
*/
export const createRuleAssetSavedObject = (overrideParams: Partial<PrebuiltRuleAsset>) => ({
'security-rule': {
...getPrebuiltRuleMock(),
...overrideParams,
},
type: 'security-rule',
references: [],
coreMigrationVersion: '8.6.0',
updated_at: '2022-11-01T12:56:39.717Z',
created_at: '2022-11-01T12:56:39.717Z',
});
export const SAMPLE_PREBUILT_RULES = [
createRuleAssetSavedObject({
...getPrebuiltRuleWithExceptionsMock(),
rule_id: ELASTIC_SECURITY_RULE_ID,
tags: ['test-tag-1'],
enabled: true,
}),
createRuleAssetSavedObject({
rule_id: '000047bb-b27a-47ec-8b62-ef1a5d2c9e19',
tags: ['test-tag-2'],
}),
createRuleAssetSavedObject({
rule_id: '00140285-b827-4aee-aa09-8113f58a08f3',
tags: ['test-tag-3'],
}),
];
export const SAMPLE_PREBUILT_RULES_WITH_HISTORICAL_VERSIONS = [
createRuleAssetSavedObject({ rule_id: 'rule-1', version: 1 }),
createRuleAssetSavedObject({ rule_id: 'rule-1', version: 2 }),
createRuleAssetSavedObject({ rule_id: 'rule-2', version: 1 }),
createRuleAssetSavedObject({ rule_id: 'rule-2', version: 2 }),
createRuleAssetSavedObject({ rule_id: 'rule-2', version: 3 }),
];
/**
* Creates saved objects with prebuilt rule assets which can be used for
* installing actual prebuilt rules after that. It creates saved objects with
* only latest versions of the rules. Tha matches the behavior of a rules
* package without historical versions.
*
* NOTE: Version is not added to the rule asset saved object id.
*
* @param es Elasticsearch client
*/
export const createPrebuiltRuleAssetSavedObjects = async (
es: Client,
rules = SAMPLE_PREBUILT_RULES
): Promise<void> => {
await es.bulk({
refresh: true,
body: rules.flatMap((doc) => [
{
index: {
_index: SECURITY_SOLUTION_SAVED_OBJECT_INDEX,
_id: `security-rule:${doc['security-rule'].rule_id}`,
},
},
doc,
]),
});
};
/**
* Creates saved objects with prebuilt rule assets which can be used for
* installing actual prebuilt rules after that. It creates saved objects with
* historical versions of the rules.
*
* NOTE: Version is added to the rule asset saved object id.
*
* @param es Elasticsearch client
*/
export const createHistoricalPrebuiltRuleAssetSavedObjects = async (
es: Client,
rules = SAMPLE_PREBUILT_RULES_WITH_HISTORICAL_VERSIONS
): Promise<void> => {
await es.bulk({
refresh: true,
body: rules.flatMap((doc) => [
{
index: {
_index: SECURITY_SOLUTION_SAVED_OBJECT_INDEX,
_id: `security-rule:${doc['security-rule'].rule_id}_${doc['security-rule'].version}`,
},
},
doc,
]),
});
};


@ -1,56 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import {
InstallPrebuiltRulesAndTimelinesResponse,
PREBUILT_RULES_URL,
} from '@kbn/security-solution-plugin/common/api/detection_engine/prebuilt_rules';
import type { Client } from '@elastic/elasticsearch';
import type SuperTest from 'supertest';
import { ALL_SAVED_OBJECT_INDICES } from '@kbn/core-saved-objects-server';
/**
* (LEGACY)
* Installs all prebuilt rules and timelines available in Kibana. Rules are
* installed from the security-rule saved objects.
* This is a legacy endpoint and has been replaced by:
* POST /internal/detection_engine/prebuilt_rules/installation/_perform
*
* - No rules will be installed if there are no security-rule assets (e.g., the
* package is not installed or mocks are not created).
*
* - If some prebuilt rules are already installed, they will be upgraded in case
* there are newer versions of them in security-rule assets.
*
* @param supertest SuperTest instance
* @returns Install prebuilt rules response
*/
export const installPrebuiltRulesAndTimelines = async (
es: Client,
supertest: SuperTest.SuperTest<SuperTest.Test>
): Promise<InstallPrebuiltRulesAndTimelinesResponse> => {
const response = await supertest
.put(PREBUILT_RULES_URL)
.set('kbn-xsrf', 'true')
.set('elastic-api-version', '2023-10-31')
.send()
.expect(200);
// Before we proceed, we need to refresh saved object indices.
// At the previous step we installed the prebuilt detection rules SO of type 'security-rule'.
// The savedObjectsClient does this with a call with explicit `refresh: false`.
// So, despite of the fact that the endpoint waits until the prebuilt rule will be
// successfully indexed, it doesn't wait until they become "visible" for subsequent read
// operations.
// And this is usually what we do next in integration tests: we read these SOs with utility
// function such as getPrebuiltRulesAndTimelinesStatus().
// This can cause race condition between a write and subsequent read operation, and to
// fix it deterministically we have to refresh saved object indices and wait until it's done.
await es.indices.refresh({ index: ALL_SAVED_OBJECT_INDICES });
return response.body;
};


@ -1,30 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import type { RuleResponse } from '@kbn/security-solution-plugin/common/api/detection_engine';
import { omit, pickBy } from 'lodash';
const serverGeneratedProperties = ['id', 'created_at', 'updated_at', 'execution_summary'] as const;
type ServerGeneratedProperties = typeof serverGeneratedProperties[number];
export type RuleWithoutServerGeneratedProperties = Omit<RuleResponse, ServerGeneratedProperties>;
/**
* This will remove server generated properties such as date times, etc...
* @param rule Rule to pass in to remove typical server generated properties
*/
export const removeServerGeneratedProperties = (
rule: RuleResponse
): RuleWithoutServerGeneratedProperties => {
const removedProperties = omit(rule, serverGeneratedProperties);
// We're only removing undefined values, so this cast correctly narrows the type
return pickBy(
removedProperties,
(value) => value !== undefined
) as RuleWithoutServerGeneratedProperties;
};


@ -1,23 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import type { RuleResponse } from '@kbn/security-solution-plugin/common/api/detection_engine';
import { removeServerGeneratedProperties } from './remove_server_generated_properties';
/**
* This will remove server generated properties such as date times, etc... including the rule_id
* @param rule Rule to pass in to remove typical server generated properties
*/
export const removeServerGeneratedPropertiesIncludingRuleId = (
rule: RuleResponse
): Partial<RuleResponse> => {
const ruleWithRemovedProperties = removeServerGeneratedProperties(rule);
// eslint-disable-next-line @typescript-eslint/naming-convention
const { rule_id, ...additionalRuledIdRemoved } = ruleWithRemovedProperties;
return additionalRuledIdRemoved;
};


@ -1,18 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import type { RuleCreateProps } from '@kbn/security-solution-plugin/common/api/detection_engine';
/**
* Given a rule this will convert it to an ndjson buffer which is useful for
* testing upload features.
* @param rule The rule to convert to ndjson
*/
export const ruleToNdjson = (rule: RuleCreateProps): Buffer => {
const stringified = JSON.stringify(rule);
return Buffer.from(`${stringified}\n`);
};


@ -1,37 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import type {
RuleResponse,
RuleUpdateProps,
} from '@kbn/security-solution-plugin/common/api/detection_engine';
import { omit, pickBy } from 'lodash';
const propertiesToRemove = [
'id',
'immutable',
'updated_at',
'updated_by',
'created_at',
'created_by',
'related_integrations',
'required_fields',
'revision',
'setup',
'execution_summary',
];
/**
* transforms RuleResponse rule to RuleUpdateProps
* returned result can be used in rule update API calls
*/
export const ruleToUpdateSchema = (rule: RuleResponse): RuleUpdateProps => {
const removedProperties = omit(rule, propertiesToRemove);
// We're only removing undefined values, so this cast correctly narrows the type
return pickBy(removedProperties, (value) => value !== undefined) as RuleUpdateProps;
};


@ -1,41 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import type { ToolingLog } from '@kbn/tooling-log';
import type SuperTest from 'supertest';
import { DETECTION_ENGINE_RULES_URL } from '@kbn/security-solution-plugin/common/constants';
import {
RuleUpdateProps,
RuleResponse,
} from '@kbn/security-solution-plugin/common/api/detection_engine';
/**
* Helper to cut down on the noise in some of the tests. This checks for
* an expected 200 still and does not do any retries.
* @param supertest The supertest deps
* @param rule The rule to create
*/
export const updateRule = async (
supertest: SuperTest.SuperTest<SuperTest.Test>,
log: ToolingLog,
updatedRule: RuleUpdateProps
): Promise<RuleResponse> => {
const response = await supertest
.put(DETECTION_ENGINE_RULES_URL)
.set('kbn-xsrf', 'true')
.set('elastic-api-version', '2023-10-31')
.send(updatedRule);
if (response.status !== 200) {
log.error(
`Did not get an expected 200 "ok" when updating a rule (updateRule). CI issues could happen. Suspect this line if you are seeing CI issues. body: ${JSON.stringify(
response.body
)}, status: ${JSON.stringify(response.status)}`
);
}
return response.body;
};


@ -1,82 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import type { ToolingLog } from '@kbn/tooling-log';
import type SuperTest from 'supertest';
import { DETECTION_ENGINE_RULES_URL } from '@kbn/security-solution-plugin/common/constants';
import {
RuleExecutionStatus,
RuleExecutionStatusEnum,
} from '@kbn/security-solution-plugin/common/api/detection_engine/rule_monitoring';
import { waitFor } from './wait_for';
import { routeWithNamespace } from './route_with_namespace';
interface WaitForRuleStatusBaseParams {
supertest: SuperTest.SuperTest<SuperTest.Test>;
log: ToolingLog;
afterDate?: Date;
namespace?: string;
}
interface WaitForRuleStatusWithId extends WaitForRuleStatusBaseParams {
id: string;
ruleId?: never;
}
interface WaitForRuleStatusWithRuleId extends WaitForRuleStatusBaseParams {
ruleId: string;
id?: never;
}
export type WaitForRuleStatusParams = WaitForRuleStatusWithId | WaitForRuleStatusWithRuleId;
/**
* Waits for rule to settle in a provided status.
* Depending on wether `id` or `ruleId` provided it may impact the behavior.
* - `id` leads to fetching a rule via ES Get API (rulesClient.resolve -> SOClient.resolve -> ES Get API)
* - `ruleId` leads to fetching a rule via ES Search API (rulesClient.find -> SOClient.find -> ES Search API)
* ES Search API may return outdated data while ES Get API always returns fresh data
*/
export const waitForRuleStatus = async (
expectedStatus: RuleExecutionStatus,
{ supertest, log, afterDate, namespace, ...idOrRuleId }: WaitForRuleStatusParams
): Promise<void> => {
await waitFor(
async () => {
const query = 'id' in idOrRuleId ? { id: idOrRuleId.id } : { rule_id: idOrRuleId.ruleId };
const route = routeWithNamespace(DETECTION_ENGINE_RULES_URL, namespace);
const response = await supertest
.get(route)
.set('kbn-xsrf', 'true')
.set('elastic-api-version', '2023-10-31')
.query(query)
.expect(200);
// TODO: https://github.com/elastic/kibana/pull/121644 clean up, make type-safe
const rule = response.body;
const ruleStatus = rule?.execution_summary?.last_execution.status;
const ruleStatusDate = rule?.execution_summary?.last_execution.date;
return (
rule != null &&
ruleStatus === expectedStatus &&
(afterDate ? new Date(ruleStatusDate) > afterDate : true)
);
},
'waitForRuleStatus',
log
);
};
export const waitForRuleSuccess = (params: WaitForRuleStatusParams): Promise<void> =>
waitForRuleStatus(RuleExecutionStatusEnum.succeeded, params);
export const waitForRulePartialFailure = (params: WaitForRuleStatusParams): Promise<void> =>
waitForRuleStatus(RuleExecutionStatusEnum['partial failure'], params);
export const waitForRuleFailure = (params: WaitForRuleStatusParams): Promise<void> =>
waitForRuleStatus(RuleExecutionStatusEnum.failed, params);


@ -1,41 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import type { ToolingLog } from '@kbn/tooling-log';
import type SuperTest from 'supertest';
import { getSignalsByIds } from './get_signals_by_ids';
import { waitFor } from './wait_for';
/**
* Waits for the signal hits to be greater than the supplied number
* before continuing with a default of at least one signal
* @param supertest Deps
* @param numberOfSignals The number of signals to wait for, default is 1
*/
export const waitForSignalsToBePresent = async (
supertest: SuperTest.SuperTest<SuperTest.Test>,
log: ToolingLog,
numberOfSignals = 1,
signalIds: string[],
namespace?: string
): Promise<void> => {
await waitFor(
async () => {
const signalsOpen = await getSignalsByIds(
supertest,
log,
signalIds,
numberOfSignals,
namespace
);
return signalsOpen.hits.hits.length >= numberOfSignals;
},
'waitForSignalsToBePresent',
log
);
};


@ -1,7 +1,7 @@
Within this folder is input test data for tests within the folder:
```ts
x-pack/test/detection_engine_api_integration/security_and_spaces/tests/keyword_family
x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/keyword_family
```
where these are small ECS compliant input indexes that try to express tests that exercise different parts of


@ -1,7 +1,7 @@
Collection of data sets for use within various tests. Most of the tests to these live in either:
```
x-pack/test/detection_engine_api_integrations/security_and_spaces/tests
x-pack/test/security_solution_api_integration/test_suites/
```
or
@ -10,4 +10,4 @@ or
x-pack/test/api_integration/apis/security_solution
```
* Folder `telemetry` is for the tests underneath `detection_engine_api_integration/security_and_spaces/tests/telemetry`.
- Folder `telemetry` is for the tests underneath `x-pack/test/security_solution_api_integration/test_suites/detections_response/telemetry`.


@ -143,12 +143,24 @@
"rule_update:server:ess": "npm run initialize-server:rm rule_update ess",
"rule_update:runner:ess": "npm run run-tests:rm rule_update ess essEnv",
"rule_update:essentials:server:serverless": "npm run initialize-server:rm:basic_essentials rule_update serverless",
"rule_update:essentials:runner:serverless": "npm run run-tests:rm:basic_essentials rule_update serverless serverlessEnv",
"rule_update:essentials:qa:serverless": "npm run run-tests:rm:basic_essentials rule_update serverless qaEnv",
"rule_update:basic:server:ess": "npm run initialize-server:rm:basic_essentials rule_update ess",
"rule_update:basic:runner:ess": "npm run run-tests:rm:basic_essentials rule_update ess essEnv",
"rule_patch:server:serverless": "npm run initialize-server:rm rule_patch serverless",
"rule_patch:runner:serverless": "npm run run-tests:rm rule_patch serverless serverlessEnv",
"rule_patch:qa:serverless": "npm run run-tests:rm rule_patch serverless qaEnv",
"rule_patch:server:ess": "npm run initialize-server:rm rule_patch ess",
"rule_patch:runner:ess": "npm run run-tests:rm rule_patch ess essEnv",
"rule_patch:essentials:server:serverless": "npm run initialize-server:rm:basic_essentials rule_patch serverless",
"rule_patch:essentials:runner:serverless": "npm run run-tests:rm:basic_essentials rule_patch serverless serverlessEnv",
"rule_patch:essentials:qa:serverless": "npm run run-tests:rm:basic_essentials rule_patch serverless qaEnv",
"rule_patch:basic:server:ess": "npm run initialize-server:rm:basic_essentials rule_patch ess",
"rule_patch:basic:runner:ess": "npm run run-tests:rm:basic_essentials rule_patch ess essEnv",
"prebuilt_rules_management:server:serverless": "npm run initialize-server:rm prebuilt_rules/management serverless",
"prebuilt_rules_management:runner:serverless": "npm run run-tests:rm prebuilt_rules/management serverless serverlessEnv",
"prebuilt_rules_management:qa:serverless": "npm run run-tests:rm prebuilt_rules/management serverless qaEnv",
@ -179,12 +191,24 @@
"rule_delete:server:ess": "npm run initialize-server:rm rule_delete ess",
"rule_delete:runner:ess": "npm run run-tests:rm rule_delete ess essEnv",
"rule_delete:essentials:server:serverless": "npm run initialize-server:rm:basic_essentials rule_delete serverless",
"rule_delete:essentials:runner:serverless": "npm run run-tests:rm:basic_essentials rule_delete serverless serverlessEnv",
"rule_delete:essentials:qa:serverless": "npm run run-tests:rm:basic_essentials rule_delete serverless qaEnv",
"rule_delete:basic:server:ess": "npm run initialize-server:rm:basic_essentials rule_delete ess",
"rule_delete:basic:runner:ess": "npm run run-tests:rm:basic_essentials rule_delete ess essEnv",
"rule_import_export:server:serverless": "npm run initialize-server:rm rule_import_export serverless",
"rule_import_export:runner:serverless": "npm run run-tests:rm rule_import_export serverless serverlessEnv",
"rule_import_export:qa:serverless": "npm run run-tests:rm rule_import_export serverless qaEnv",
"rule_import_export:server:ess": "npm run initialize-server:rm rule_import_export ess",
"rule_import_export:runner:ess": "npm run run-tests:rm rule_import_export ess essEnv",
"rule_import_export:essentials:server:serverless": "npm run initialize-server:rm:basic_essentials rule_import_export serverless",
"rule_import_export:essentials:runner:serverless": "npm run run-tests:rm:basic_essentials rule_import_export serverless serverlessEnv",
"rule_import_export:essentials:qa:serverless": "npm run run-tests:rm:basic_essentials rule_import_export serverless qaEnv",
"rule_import_export:basic:server:ess": "npm run initialize-server:rm:basic_essentials rule_import_export ess",
"rule_import_export:basic:runner:ess": "npm run run-tests:rm:basic_essentials rule_import_export ess essEnv",
"rule_management:server:serverless": "npm run initialize-server:rm rule_management serverless",
"rule_management:runner:serverless": "npm run run-tests:rm rule_management serverless serverlessEnv",
"rule_management:qa:serverless": "npm run run-tests:rm rule_management serverless qaEnv",
@ -203,6 +227,12 @@
"rule_read:server:ess": "npm run initialize-server:rm rule_read ess",
"rule_read:runner:ess": "npm run run-tests:rm rule_read ess essEnv",
"rule_read:essentials:server:serverless": "npm run initialize-server:rm:basic_essentials rule_read serverless",
"rule_read:essentials:runner:serverless": "npm run run-tests:rm:basic_essentials rule_read serverless serverlessEnv",
"rule_read:essentials:qa:serverless": "npm run run-tests:rm:basic_essentials rule_read serverless qaEnv",
"rule_read:basic:server:ess": "npm run initialize-server:rm:basic_essentials rule_read ess",
"rule_read:basic:runner:ess": "npm run run-tests:rm:basic_essentials rule_read ess essEnv",
"rules_management:essentials:server:serverless": "npm run initialize-server:rm:basic_essentials rule_management serverless",
"rules_management:essentials:runner:serverless": "npm run run-tests:rm:basic_essentials rule_management serverless serverlessEnv",
"rules_management:essentials:qa:serverless": "npm run run-tests:rm:basic_essentials rule_management serverless qaEnv",


@ -12,11 +12,9 @@ import {
deleteAllRules,
waitForRuleSuccess,
deleteAllAlerts,
getCustomQueryRuleParams,
createWebHookRuleAction,
fetchRule,
} from '../../../utils';
} from '../../../../../../common/utils/security_solution';
import { FtrProviderContext } from '../../../../../ftr_provider_context';
import { createWebHookRuleAction, fetchRule, getCustomQueryRuleParams } from '../../../utils';
export default ({ getService }: FtrProviderContext) => {
const supertest = getService('supertest');


@ -10,15 +10,14 @@ import { DETECTION_ENGINE_RULES_URL } from '@kbn/security-solution-plugin/common
import { ROLES } from '@kbn/security-solution-plugin/common/test';
import { ThresholdRuleCreateProps } from '@kbn/security-solution-plugin/common/api/detection_engine';
import { createRuleWithAuth, getThresholdRuleForAlertTesting } from '../../../utils';
import {
createAlertsIndex,
deleteAllRules,
deleteAllAlerts,
createAlertsIndex,
waitForRulePartialFailure,
getRuleForAlertTesting,
createRuleWithAuth,
getThresholdRuleForAlertTesting,
deleteAllAlerts,
} from '../../../utils';
} from '../../../../../../common/utils/security_solution';
import {
createUserAndRole,
deleteUserAndRole,


@ -18,16 +18,18 @@ import {
X_ELASTIC_INTERNAL_ORIGIN_REQUEST,
} from '@kbn/core-http-common';
import {
createAlertsIndex,
deleteAllRules,
deleteAllAlerts,
getWebHookAction,
getRuleWithWebHookAction,
createRule,
getSimpleRule,
fetchRule,
updateRule,
} from '../../../utils';
import {
createRule,
createAlertsIndex,
deleteAllRules,
deleteAllAlerts,
} from '../../../../../../common/utils/security_solution';
import { FtrProviderContext } from '../../../../../ftr_provider_context';


@ -10,10 +10,7 @@ import expect from 'expect';
import { ELASTIC_SECURITY_RULE_ID } from '@kbn/security-solution-plugin/common';
import { DETECTION_ENGINE_RULES_URL } from '@kbn/security-solution-plugin/common/constants';
import {
deleteAllRules,
deleteAllAlerts,
getRuleWithWebHookAction,
waitForRuleSuccess,
updateRule,
installMockPrebuiltRules,
fetchRule,
@ -23,6 +20,11 @@ import {
getCustomQueryRuleParams,
getPrebuiltRulesAndTimelinesStatus,
} from '../../../utils';
import {
deleteAllRules,
deleteAllAlerts,
waitForRuleSuccess,
} from '../../../../../../common/utils/security_solution';
import { FtrProviderContext } from '../../../../../ftr_provider_context';
export default ({ getService }: FtrProviderContext) => {


@ -14,18 +14,18 @@ import {
DETECTION_ENGINE_QUERY_SIGNALS_URL,
} from '@kbn/security-solution-plugin/common/constants';
import { DetectionAlert } from '@kbn/security-solution-plugin/common/api/detection_engine';
import { setAlertStatus } from '../../../utils';
import {
createAlertsIndex,
setAlertStatus,
getQueryAlertIds,
deleteAllRules,
createRule,
waitForAlertsToBePresent,
getAlertsByIds,
waitForRuleSuccess,
getRuleForAlertTesting,
deleteAllRules,
deleteAllAlerts,
} from '../../../utils';
createAlertsIndex,
} from '../../../../../../common/utils/security_solution';
import { FtrProviderContext } from '../../../../../ftr_provider_context';
import { EsArchivePathBuilder } from '../../../../../es_archive_path_builder';


@ -12,7 +12,11 @@ import {
ALERTS_AS_DATA_FIND_URL,
} from '@kbn/security-solution-plugin/common/constants';
import { X_ELASTIC_INTERNAL_ORIGIN_REQUEST } from '@kbn/core-http-common';
import { getAlertStatus, createAlertsIndex, deleteAllAlerts } from '../../../utils';
import { getAlertStatus } from '../../../utils';
import {
createAlertsIndex,
deleteAllAlerts,
} from '../../../../../../common/utils/security_solution';
import { FtrProviderContext } from '../../../../../ftr_provider_context';
export default ({ getService }: FtrProviderContext) => {


@ -8,7 +8,10 @@
import expect from '@kbn/expect';
import { DETECTION_ENGINE_QUERY_SIGNALS_URL } from '@kbn/security-solution-plugin/common/constants';
import { createAlertsIndex, deleteAllAlerts } from '../../../utils';
import {
createAlertsIndex,
deleteAllAlerts,
} from '../../../../../../common/utils/security_solution';
import { FtrProviderContext } from '../../../../../ftr_provider_context';
export default ({ getService }: FtrProviderContext) => {


@ -20,24 +20,26 @@ import {
ThreatMatchRuleCreateProps,
ThresholdRuleCreateProps,
} from '@kbn/security-solution-plugin/common/api/detection_engine';
import {
finalizeAlertsMigration,
getEqlRuleForAlertTesting,
getSavedQueryRuleForAlertTesting,
getThreatMatchRuleForAlertTesting,
getThresholdRuleForAlertTesting,
startAlertsMigration,
removeRandomValuedPropertiesFromAlert,
} from '../../../utils';
import {
createRule,
createAlertsIndex,
deleteAllRules,
deleteAllAlerts,
finalizeAlertsMigration,
getEqlRuleForAlertTesting,
getRuleForAlertTesting,
getSavedQueryRuleForAlertTesting,
getAlertsByIds,
getThreatMatchRuleForAlertTesting,
getThresholdRuleForAlertTesting,
startAlertsMigration,
waitFor,
waitForRuleSuccess,
waitForAlertsToBePresent,
removeRandomValuedPropertiesFromAlert,
} from '../../../utils';
getRuleForAlertTesting,
} from '../../../../../../common/utils/security_solution';
import { FtrProviderContext } from '../../../../../ftr_provider_context';
export default ({ getService }: FtrProviderContext) => {


@ -16,7 +16,7 @@ import {
getAlertsById,
waitForRuleSuccess,
waitForAlertsToBePresent,
} from '../../../utils';
} from '../../../../../../common/utils/security_solution';
import { FtrProviderContext } from '../../../../../ftr_provider_context';
export default ({ getService }: FtrProviderContext) => {


@ -14,6 +14,7 @@ import {
} from '@kbn/security-solution-plugin/common/constants';
import { DetectionAlert } from '@kbn/security-solution-plugin/common/api/detection_engine';
import { setAlertAssignees } from '../../../../utils';
import {
createAlertsIndex,
createRule,
@ -22,10 +23,9 @@ import {
getAlertsByIds,
getQueryAlertIds,
getRuleForAlertTesting,
setAlertAssignees,
waitForAlertsToBePresent,
waitForRuleSuccess,
} from '../../../../utils';
} from '../../../../../../../common/utils/security_solution';
import { FtrProviderContext } from '../../../../../../ftr_provider_context';
import { EsArchivePathBuilder } from '../../../../../../es_archive_path_builder';


@ -12,6 +12,7 @@ import {
createUserAndRole,
deleteUserAndRole,
} from '../../../../../../../common/services/security_solution';
import { setAlertAssignees } from '../../../../utils';
import {
createAlertsIndex,
createRule,
@ -19,10 +20,9 @@ import {
deleteAllRules,
getAlertsByIds,
getRuleForAlertTesting,
setAlertAssignees,
waitForAlertsToBePresent,
waitForRuleSuccess,
} from '../../../../utils';
} from '../../../../../../../common/utils/security_solution';
import { FtrProviderContext } from '../../../../../../ftr_provider_context';
import { EsArchivePathBuilder } from '../../../../../../es_archive_path_builder';


@ -8,6 +8,7 @@
import { DETECTION_ENGINE_ALERT_ASSIGNEES_URL } from '@kbn/security-solution-plugin/common/constants';
import { ROLES } from '@kbn/security-solution-plugin/common/test';
import { setAlertAssignees } from '../../../../utils';
import {
createAlertsIndex,
createRule,
@ -15,10 +16,9 @@ import {
deleteAllRules,
getAlertsByIds,
getRuleForAlertTesting,
setAlertAssignees,
waitForAlertsToBePresent,
waitForRuleSuccess,
} from '../../../../utils';
} from '../../../../../../../common/utils/security_solution';
import { FtrProviderContext } from '../../../../../../ftr_provider_context';
import { EsArchivePathBuilder } from '../../../../../../es_archive_path_builder';


@ -13,7 +13,7 @@ import {
import { SIGNALS_FIELD_ALIASES_VERSION } from '@kbn/security-solution-plugin/server/lib/detection_engine/routes/index/get_signals_template';
import { deleteAllAlerts } from '../../../utils';
import { deleteAllAlerts } from '../../../../../../common/utils/security_solution';
import { FtrProviderContext } from '../../../../../ftr_provider_context';


@ -16,13 +16,11 @@ import { ROLES } from '@kbn/security-solution-plugin/common/test';
import { SIGNALS_TEMPLATE_VERSION } from '@kbn/security-solution-plugin/server/lib/detection_engine/routes/index/get_signals_template';
import { Signal } from '@kbn/security-solution-plugin/server/lib/detection_engine/rule_types/types';
import { deleteMigrations, getIndexNameFromLoad, waitForIndexToPopulate } from '../../../../utils';
import {
createAlertsIndex,
deleteMigrations,
deleteAllAlerts,
getIndexNameFromLoad,
waitForIndexToPopulate,
} from '../../../../utils';
} from '../../../../../../../common/utils/security_solution';
import {
createUserAndRole,
deleteUserAndRole,


@ -13,12 +13,12 @@ import {
DETECTION_ENGINE_SIGNALS_MIGRATION_URL,
} from '@kbn/security-solution-plugin/common/constants';
import { ROLES } from '@kbn/security-solution-plugin/common/test';
import { getIndexNameFromLoad } from '../../../../utils';
import {
createAlertsIndex,
deleteAllAlerts,
getIndexNameFromLoad,
waitFor,
} from '../../../../utils';
} from '../../../../../../../common/utils/security_solution';
import { createUserAndRole } from '../../../../../../../common/services/security_solution';
interface CreateResponse {


@ -13,13 +13,12 @@ import {
DETECTION_ENGINE_SIGNALS_MIGRATION_URL,
} from '@kbn/security-solution-plugin/common/constants';
import { ROLES } from '@kbn/security-solution-plugin/common/test';
import { deleteMigrations, getIndexNameFromLoad } from '../../../../utils';
import {
createAlertsIndex,
deleteMigrations,
deleteAllAlerts,
getIndexNameFromLoad,
waitFor,
} from '../../../../utils';
} from '../../../../../../../common/utils/security_solution';
import {
createUserAndRole,
deleteUserAndRole,


@ -9,7 +9,11 @@ import expect from '@kbn/expect';
import { DETECTION_ENGINE_SIGNALS_MIGRATION_STATUS_URL } from '@kbn/security-solution-plugin/common/constants';
import { ROLES } from '@kbn/security-solution-plugin/common/test';
import { createAlertsIndex, deleteAllAlerts, getIndexNameFromLoad } from '../../../../utils';
import { getIndexNameFromLoad } from '../../../../utils';
import {
createAlertsIndex,
deleteAllAlerts,
} from '../../../../../../../common/utils/security_solution';
import {
createUserAndRole,
deleteUserAndRole,


@ -17,11 +17,10 @@ import {
} from '@kbn/security-solution-plugin/common/constants';
import { ROLES } from '@kbn/security-solution-plugin/common/test';
import { DetectionAlert } from '@kbn/security-solution-plugin/common/api/detection_engine';
import { setAlertStatus, getAlertUpdateByQueryEmptyResponse, refreshIndex } from '../../../utils';
import {
createAlertsIndex,
deleteAllAlerts,
setAlertStatus,
getAlertUpdateByQueryEmptyResponse,
getQueryAlertIds,
deleteAllRules,
createRule,
@ -29,8 +28,7 @@ import {
getAlertsByIds,
waitForRuleSuccess,
getRuleForAlertTesting,
refreshIndex,
} from '../../../utils';
} from '../../../../../../common/utils/security_solution';
import {
createUserAndRole,
deleteUserAndRole,


@ -14,6 +14,7 @@ import {
} from '@kbn/security-solution-plugin/common/constants';
import { DetectionAlert } from '@kbn/security-solution-plugin/common/api/detection_engine';
import { setAlertTags } from '../../../utils';
import {
createAlertsIndex,
deleteAllAlerts,
@ -24,8 +25,7 @@ import {
getAlertsByIds,
waitForRuleSuccess,
getRuleForAlertTesting,
setAlertTags,
} from '../../../utils';
} from '../../../../../../common/utils/security_solution';
import { FtrProviderContext } from '../../../../../ftr_provider_context';
import { EsArchivePathBuilder } from '../../../../../es_archive_path_builder';


@ -13,9 +13,9 @@ import {
deleteListsIndex,
importFile,
} from '../../../../../../lists_and_exception_lists/utils';
import { createRuleWithExceptionEntries } from '../../../../../utils';
import {
createRule,
createRuleWithExceptionEntries,
createAlertsIndex,
deleteAllRules,
deleteAllAlerts,
@ -23,7 +23,7 @@ import {
getAlertsById,
waitForRuleSuccess,
waitForAlertsToBePresent,
} from '../../../../../utils';
} from '../../../../../../../../common/utils/security_solution';
import { FtrProviderContext } from '../../../../../../../ftr_provider_context';
export default ({ getService }: FtrProviderContext) => {


@ -13,9 +13,9 @@ import {
deleteListsIndex,
importFile,
} from '../../../../../../lists_and_exception_lists/utils';
import { createRuleWithExceptionEntries } from '../../../../../utils';
import {
createRule,
createRuleWithExceptionEntries,
createAlertsIndex,
deleteAllRules,
deleteAllAlerts,
@ -23,7 +23,7 @@ import {
getAlertsById,
waitForRuleSuccess,
waitForAlertsToBePresent,
} from '../../../../../utils';
} from '../../../../../../../../common/utils/security_solution';
import { FtrProviderContext } from '../../../../../../../ftr_provider_context';
export default ({ getService }: FtrProviderContext) => {


@ -13,9 +13,9 @@ import {
deleteListsIndex,
importFile,
} from '../../../../../../lists_and_exception_lists/utils';
import { createRuleWithExceptionEntries } from '../../../../../utils';
import {
createRule,
createRuleWithExceptionEntries,
createAlertsIndex,
deleteAllRules,
deleteAllAlerts,
@ -23,7 +23,7 @@ import {
getAlertsById,
waitForRuleSuccess,
waitForAlertsToBePresent,
} from '../../../../../utils';
} from '../../../../../../../../common/utils/security_solution';
import { FtrProviderContext } from '../../../../../../../ftr_provider_context';
export default ({ getService }: FtrProviderContext) => {


@ -13,9 +13,9 @@ import {
deleteListsIndex,
importFile,
} from '../../../../../../lists_and_exception_lists/utils';
import { createRuleWithExceptionEntries } from '../../../../../utils';
import {
createRule,
createRuleWithExceptionEntries,
createAlertsIndex,
deleteAllRules,
deleteAllAlerts,
@ -23,7 +23,7 @@ import {
getAlertsById,
waitForRuleSuccess,
waitForAlertsToBePresent,
} from '../../../../../utils';
} from '../../../../../../../../common/utils/security_solution';
import { FtrProviderContext } from '../../../../../../../ftr_provider_context';
export default ({ getService }: FtrProviderContext) => {


@ -13,9 +13,9 @@ import {
deleteListsIndex,
importFile,
} from '../../../../../../lists_and_exception_lists/utils';
import { createRuleWithExceptionEntries } from '../../../../../utils';
import {
createRule,
createRuleWithExceptionEntries,
createAlertsIndex,
deleteAllRules,
deleteAllAlerts,
@ -23,7 +23,7 @@ import {
getAlertsById,
waitForRuleSuccess,
waitForAlertsToBePresent,
} from '../../../../../utils';
} from '../../../../../../../../common/utils/security_solution';
import { FtrProviderContext } from '../../../../../../../ftr_provider_context';
export default ({ getService }: FtrProviderContext) => {


@ -13,9 +13,9 @@ import {
deleteListsIndex,
importFile,
} from '../../../../../../lists_and_exception_lists/utils';
import { createRuleWithExceptionEntries } from '../../../../../utils';
import {
createRule,
createRuleWithExceptionEntries,
createAlertsIndex,
deleteAllRules,
deleteAllAlerts,
@ -23,7 +23,7 @@ import {
getAlertsById,
waitForRuleSuccess,
waitForAlertsToBePresent,
} from '../../../../../utils';
} from '../../../../../../../../common/utils/security_solution';
import { FtrProviderContext } from '../../../../../../../ftr_provider_context';
export default ({ getService }: FtrProviderContext) => {


@ -13,9 +13,9 @@ import {
deleteListsIndex,
importFile,
} from '../../../../../../lists_and_exception_lists/utils';
import { createRuleWithExceptionEntries } from '../../../../../utils';
import {
createRule,
createRuleWithExceptionEntries,
createAlertsIndex,
deleteAllRules,
deleteAllAlerts,
@ -23,7 +23,7 @@ import {
getAlertsById,
waitForRuleSuccess,
waitForAlertsToBePresent,
} from '../../../../../utils';
} from '../../../../../../../../common/utils/security_solution';
import { FtrProviderContext } from '../../../../../../../ftr_provider_context';
export default ({ getService }: FtrProviderContext) => {


@ -14,9 +14,9 @@ import {
importFile,
} from '../../../../../../lists_and_exception_lists/utils';
import { createRuleWithExceptionEntries } from '../../../../../utils';
import {
createRule,
createRuleWithExceptionEntries,
createAlertsIndex,
deleteAllRules,
deleteAllAlerts,
@ -24,7 +24,7 @@ import {
getAlertsById,
waitForRuleSuccess,
waitForAlertsToBePresent,
} from '../../../../../utils';
} from '../../../../../../../../common/utils/security_solution';
import { FtrProviderContext } from '../../../../../../../ftr_provider_context';
export default ({ getService }: FtrProviderContext) => {


@ -13,9 +13,9 @@ import {
deleteListsIndex,
importFile,
} from '../../../../../../lists_and_exception_lists/utils';
import { createRuleWithExceptionEntries } from '../../../../../utils';
import {
createRule,
createRuleWithExceptionEntries,
createAlertsIndex,
deleteAllRules,
deleteAllAlerts,
@ -23,7 +23,7 @@ import {
getAlertsById,
waitForRuleSuccess,
waitForAlertsToBePresent,
} from '../../../../../utils';
} from '../../../../../../../../common/utils/security_solution';
import { FtrProviderContext } from '../../../../../../../ftr_provider_context';
export default ({ getService }: FtrProviderContext) => {


@ -14,9 +14,9 @@ import {
importFile,
importTextFile,
} from '../../../../../../lists_and_exception_lists/utils';
import { createRuleWithExceptionEntries } from '../../../../../utils';
import {
createRule,
createRuleWithExceptionEntries,
createAlertsIndex,
deleteAllRules,
deleteAllAlerts,
@ -24,7 +24,7 @@ import {
getAlertsById,
waitForRuleSuccess,
waitForAlertsToBePresent,
} from '../../../../../utils';
} from '../../../../../../../../common/utils/security_solution';
import { FtrProviderContext } from '../../../../../../../ftr_provider_context';
export default ({ getService }: FtrProviderContext) => {


@ -13,9 +13,9 @@ import {
deleteListsIndex,
importFile,
} from '../../../../../../lists_and_exception_lists/utils';
import { createRuleWithExceptionEntries } from '../../../../../utils';
import {
createRule,
createRuleWithExceptionEntries,
createAlertsIndex,
deleteAllRules,
deleteAllAlerts,
@ -23,7 +23,7 @@ import {
getAlertsById,
waitForRuleSuccess,
waitForAlertsToBePresent,
} from '../../../../../utils';
} from '../../../../../../../../common/utils/security_solution';
import { FtrProviderContext } from '../../../../../../../ftr_provider_context';
export default ({ getService }: FtrProviderContext) => {


@ -9,9 +9,9 @@ import { ToolingLog } from '@kbn/tooling-log';
import expect from 'expect';
import type SuperTest from 'supertest';
import { createRuleWithExceptionEntries } from '../../../../utils';
import {
createRule,
createRuleWithExceptionEntries,
createAlertsIndex,
deleteAllRules,
deleteAllAlerts,
@ -19,7 +19,7 @@ import {
getAlertsById,
waitForRuleSuccess,
waitForAlertsToBePresent,
} from '../../../../utils';
} from '../../../../../../../common/utils/security_solution';
import {
createListsIndex,
deleteAllExceptions,


@ -18,17 +18,19 @@ import {
import { getCreateExceptionListMinimalSchemaMock } from '@kbn/lists-plugin/common/schemas/request/create_exception_list_schema.mock';
import {
fetchRule,
createRule,
getSimpleRule,
createAlertsIndex,
deleteAllRules,
createExceptionList,
deleteAllAlerts,
getRuleSOById,
createRuleThroughAlertingEndpoint,
getRuleSavedObjectWithLegacyInvestigationFields,
checkInvestigationFieldSoValue,
} from '../../../../utils';
import {
createRule,
createAlertsIndex,
deleteAllRules,
deleteAllAlerts,
} from '../../../../../../../common/utils/security_solution';
import {
deleteAllExceptions,
removeExceptionListItemServerGeneratedProperties,


@ -22,14 +22,13 @@ import {
import { FtrProviderContext } from '../../../../../../ftr_provider_context';
import { getSimpleRule, createExceptionList } from '../../../../utils';
import {
createRule,
getSimpleRule,
deleteAllRules,
createExceptionList,
deleteAllAlerts,
createAlertsIndex,
} from '../../../../utils';
} from '../../../../../../../common/utils/security_solution';
import { deleteAllExceptions } from '../../../../../lists_and_exception_lists/utils';
export default ({ getService }: FtrProviderContext) => {


@ -30,31 +30,32 @@ import { ELASTIC_SECURITY_RULE_ID } from '@kbn/security-solution-plugin/common';
import { EsArchivePathBuilder } from '../../../../../../es_archive_path_builder';
import {
createAlertsIndex,
fetchRule,
createRule,
getSimpleRule,
deleteAllRules,
createExceptionList,
createExceptionListItem,
getThresholdRuleForAlertTesting,
getSimpleRuleOutput,
removeServerGeneratedProperties,
downgradeImmutableRule,
waitForRuleSuccess,
installMockPrebuiltRules,
waitForAlertsToBePresent,
getAlertsByIds,
findImmutableRuleById,
getPrebuiltRulesAndTimelinesStatus,
getOpenAlerts,
createRuleWithExceptionEntries,
getEqlRuleForAlertTesting,
SAMPLE_PREBUILT_RULES,
deleteAllAlerts,
updateUsername,
} from '../../../../utils';
import {
createAlertsIndex,
createRule,
deleteAllRules,
waitForRuleSuccess,
waitForAlertsToBePresent,
getAlertsByIds,
deleteAllAlerts,
} from '../../../../../../../common/utils/security_solution';
import {
createListsIndex,
deleteAllExceptions,


@ -18,13 +18,12 @@ import type {
RuleCreateProps,
} from '@kbn/security-solution-plugin/common/api/detection_engine';
import { getCreateExceptionListDetectionSchemaMock } from '@kbn/lists-plugin/common/schemas/request/create_exception_list_schema.mock';
import { createRuleWithExceptionEntries, getSimpleRule } from '../../../../utils';
import {
deleteAllAlerts,
getSimpleRule,
createRuleWithExceptionEntries,
deleteAllRules,
createRule,
} from '../../../../utils';
} from '../../../../../../../common/utils/security_solution';
import {
createListsIndex,
deleteAllExceptions,
@ -45,8 +44,8 @@ export default ({ getService }: FtrProviderContext) => {
await deleteAllExceptions(supertest, log);
});
/*
This test to mimic if we have two browser tabs, and the user tried to
edit an exception in a tab after deleting it in another
This test to mimic if we have two browser tabs, and the user tried to
edit an exception in a tab after deleting it in another
*/
it('should Not edit an exception after being deleted', async () => {
const { list_id: skippedListId, ...newExceptionItem } =
@ -101,7 +100,7 @@ export default ({ getService }: FtrProviderContext) => {
});
});
/*
This test to mimic if we have two browser tabs, and the user tried to
This test to mimic if we have two browser tabs, and the user tried to
edit an exception with value-list was deleted in another tab
*/
it('should Not allow editing an Exception with deleted ValueList', async () => {


@ -30,14 +30,16 @@ import {
} from '@kbn/security-solution-plugin/common/field_maps/field_names';
import { getMaxSignalsWarning as getMaxAlertsWarning } from '@kbn/security-solution-plugin/server/lib/detection_engine/rule_types/utils/utils';
import {
createRule,
deleteAllRules,
deleteAllAlerts,
getEqlRuleForAlertTesting,
getOpenAlerts,
getPreviewAlerts,
previewRule,
} from '../../../../utils';
import {
createRule,
deleteAllRules,
deleteAllAlerts,
} from '../../../../../../../common/utils/security_solution';
import { FtrProviderContext } from '../../../../../../ftr_provider_context';
import { EsArchivePathBuilder } from '../../../../../../es_archive_path_builder';
