From 6e8d3ed6c11fef20d4db9bcc4186d463462f9547 Mon Sep 17 00:00:00 2001 From: Sergi Massaneda Date: Thu, 2 Nov 2023 17:05:08 +0100 Subject: [PATCH] [Security Solution] Add analytics features to security roles (#169783) ## Summary issue: https://github.com/elastic/kibana/issues/168245 Adding missing "Analytics" features to all Security roles: ``` - feature_discover.all - feature_dashboard.all - feature_canvas.all - feature_graph.all - feature_maps.all - feature_visualize.all ``` In order to verify the Discover link is present in the sidenav a new cypress test for serverless has been added to: `x-pack/test/security_solution_cypress/cypress/e2e/navigation/navigation.cy.ts` --------- Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> --- .../kbn-es/src/serverless_resources/roles.yml | 78 ++++- .../osquery/cypress/tasks/live_query.ts | 7 +- .../es_serverless_resources/roles.yml | 267 +++++++++++++----- .../{header => navigation}/navigation.cy.ts | 153 +++++++++- .../{header => navigation}/search_bar.cy.ts | 0 .../screens/serverless_security_header.ts | 63 +++-- .../cypress/tasks/navigation.ts | 7 +- .../cypress/tasks/security_header.ts | 11 +- .../cypress/urls/navigation.ts | 14 + .../project_controller_security_roles.yml | 72 +++++ 10 files changed, 555 insertions(+), 117 deletions(-) rename x-pack/test/security_solution_cypress/cypress/e2e/{header => navigation}/navigation.cy.ts (56%) rename x-pack/test/security_solution_cypress/cypress/e2e/{header => navigation}/search_bar.cy.ts (100%) diff --git a/packages/kbn-es/src/serverless_resources/roles.yml b/packages/kbn-es/src/serverless_resources/roles.yml index 5777f282ff7a4..8aaeacd770910 100644 --- a/packages/kbn-es/src/serverless_resources/roles.yml +++ b/packages/kbn-es/src/serverless_resources/roles.yml 
@@ -117,7 +117,7 @@ t1_analyst: - metrics-endpoint.metadata_current_* - ".fleet-agents*" - ".fleet-actions*" - - "risk-score.risk-score-*" + - risk-score.risk-score-* privileges: - read applications: @@ -132,6 +132,12 @@ t1_analyst: - feature_builtInAlerts.read - feature_osquery.read - feature_osquery.run_saved_queries + - feature_discover.all + - feature_dashboard.all + - feature_canvas.all + - feature_graph.all + - feature_maps.all + - feature_visualize.all resources: "*" t2_analyst: @@ -158,7 +164,7 @@ t2_analyst: - metrics-endpoint.metadata_current_* - .fleet-agents* - .fleet-actions* - - "risk-score.risk-score-*" + - risk-score.risk-score-* privileges: - read applications: @@ -173,6 +179,12 @@ t2_analyst: - feature_builtInAlerts.read - feature_osquery.read - feature_osquery.run_saved_queries + - feature_discover.all + - feature_dashboard.all + - feature_canvas.all + - feature_graph.all + - feature_maps.all + - feature_visualize.all resources: "*" t3_analyst: @@ -206,7 +218,7 @@ t3_analyst: - metrics-endpoint.metadata_current_* - .fleet-agents* - .fleet-actions* - - "risk-score.risk-score-*" + - risk-score.risk-score-* privileges: - read applications: @@ -230,6 +242,12 @@ t3_analyst: - feature_actions.read - feature_builtInAlerts.all - feature_osquery.all + - feature_discover.all + - feature_dashboard.all + - feature_canvas.all + - feature_graph.all + - feature_maps.all + - feature_visualize.all resources: "*" threat_intelligence_analyst: @@ -259,7 +277,7 @@ threat_intelligence_analyst: - metrics-endpoint.metadata_current_* - .fleet-agents* - .fleet-actions* - - "risk-score.risk-score-*" + - risk-score.risk-score-* privileges: - read applications: @@ -274,6 +292,12 @@ threat_intelligence_analyst: - feature_actions.read - feature_builtInAlerts.read - feature_osquery.all + - feature_discover.all + - feature_dashboard.all + - feature_canvas.all + - feature_graph.all + - feature_maps.all + - feature_visualize.all resources: "*" rule_author: 
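Review bot: The six analytics features are granted at `.all` to t1_analyst, whose neighbouring Kibana privileges in this hunk are read-level (`feature_builtInAlerts.read`, `feature_osquery.read`), so an otherwise read-only tier gains write access to the saved objects of Discover, Dashboard, Canvas, Graph, Maps and Visualize. If the aim is only to expose the links in the side navigation, the read level (`feature_discover.read`, `feature_dashboard.read`, and so on) should be enough; if write access is intended, a one-line comment above the block should say so. The same applies to the t2_analyst hunk in this file and to the t1_analyst, t2_analyst and `viewer` hunks in the security_solution copy of roles.yml.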
@@ -311,7 +335,7 @@ rule_author: - metrics-endpoint.metadata_current_* - .fleet-agents* - .fleet-actions* - - "risk-score.risk-score-*" + - risk-score.risk-score-* privileges: - read applications: @@ -332,6 +356,12 @@ rule_author: - feature_actions.read - feature_builtInAlerts.all - feature_osquery.all + - feature_discover.all + - feature_dashboard.all + - feature_canvas.all + - feature_graph.all + - feature_maps.all + - feature_visualize.all resources: "*" soc_manager: @@ -393,7 +423,13 @@ soc_manager: - feature_actions.all - feature_builtInAlerts.all - feature_osquery.all - - feature_indexPatterns.all # Detections Data Views + - feature_indexPatterns.all + - feature_discover.all + - feature_dashboard.all + - feature_canvas.all + - feature_graph.all + - feature_maps.all + - feature_visualize.all resources: "*" detections_admin: @@ -439,6 +475,12 @@ detections_admin: - feature_actions.all - feature_builtInAlerts.all - feature_dev_tools.all + - feature_discover.all + - feature_dashboard.all + - feature_canvas.all + - feature_graph.all + - feature_maps.all + - feature_visualize.all resources: "*" platform_engineer: @@ -483,7 +525,13 @@ platform_engineer: - feature_fleet.all - feature_fleetv2.all - feature_osquery.all - - feature_indexPatterns.all # Detections Data Views + - feature_indexPatterns.all + - feature_discover.all + - feature_dashboard.all + - feature_canvas.all + - feature_graph.all + - feature_maps.all + - feature_visualize.all resources: "*" endpoint_operations_analyst: @@ -493,7 +541,6 @@ endpoint_operations_analyst: - metrics-endpoint.metadata_current_* - .fleet-agents* - .fleet-actions* - - risk-score.risk-score-* privileges: - read - names: @@ -507,6 +554,7 @@ endpoint_operations_analyst: - winlogbeat-* - .lists* - .items* + - risk-score.risk-score-* privileges: - read - names: 
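Review bot: The trailing comment `# Detections Data Views` on `feature_indexPatterns.all` is dropped in the soc_manager hunk, and again for platform_engineer here and for both roles in the security_solution copy of roles.yml. That comment was the only explanation of why these roles hold data-view management, and nothing in the commit description suggests the reason has changed. Keeping it costs nothing: `- feature_indexPatterns.all # Detections Data Views`.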
@@ -540,6 +588,12 @@ endpoint_operations_analyst: - feature_osquery.all - feature_fleet.all - feature_fleetv2.all + - feature_discover.all + - feature_dashboard.all + - feature_canvas.all + - feature_graph.all + - feature_maps.all + - feature_visualize.all resources: "*" endpoint_policy_manager: @@ -549,7 +603,6 @@ endpoint_policy_manager: - metrics-endpoint.metadata_current_* - .fleet-agents* - .fleet-actions* - - risk-score.risk-score-* privileges: - read - names: @@ -563,6 +616,7 @@ endpoint_policy_manager: - winlogbeat-* - .lists* - .items* + - risk-score.risk-score-* privileges: - read - names: @@ -593,4 +647,10 @@ endpoint_policy_manager: - feature_osquery.all - feature_fleet.all - feature_fleetv2.all + - feature_discover.all + - feature_dashboard.all + - feature_canvas.all + - feature_graph.all + - feature_maps.all + - feature_visualize.all resources: "*" diff --git a/x-pack/plugins/osquery/cypress/tasks/live_query.ts b/x-pack/plugins/osquery/cypress/tasks/live_query.ts index 524f721de11ee..4b1b2d41b2283 100644 --- a/x-pack/plugins/osquery/cypress/tasks/live_query.ts +++ b/x-pack/plugins/osquery/cypress/tasks/live_query.ts @@ -7,7 +7,6 @@ import { LIVE_QUERY_EDITOR, OSQUERY_FLYOUT_BODY_EDITOR } from '../screens/live_query'; import { ServerlessRoleName } from '../support/roles'; -import { isServerless } from './serverless'; import { waitForAlertsToPopulate } from '../../../../test/security_solution_cypress/cypress/tasks/create_new_rule'; export const DEFAULT_QUERY = 'select * from processes;'; 
@@ -146,10 +145,8 @@ export const checkActionItemsInResults = ({ cases: boolean; timeline: boolean; }) => { - cy.contains('View in Discover').should( - isServerless ? 'not.exist' : discover ? 'exist' : 'not.exist' - ); - cy.contains('View in Lens').should(isServerless ? 'not.exist' : lens ? 'exist' : 'not.exist'); + cy.contains('View in Discover').should(discover ? 'exist' : 'not.exist'); + cy.contains('View in Lens').should(lens ? 'exist' : 'not.exist'); cy.contains('Add to Case').should(cases ? 'exist' : 'not.exist'); cy.contains('Add to timeline investigation').should(timeline ? 'exist' : 'not.exist'); }; diff --git a/x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/serverless/es_serverless_resources/roles.yml b/x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/serverless/es_serverless_resources/roles.yml index ace64c7570aa2..b01af0a09fdd4 100644 --- a/x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/serverless/es_serverless_resources/roles.yml +++ b/x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/serverless/es_serverless_resources/roles.yml @@ -11,7 +11,6 @@ system_indices_superuser: resources: ['*'] run_as: ['*'] - #-------------------------------------------------------------------------------------------------- # # FILE SOURCE AT: 
@@ -26,84 +25,129 @@ viewer: cluster: [] indices: - names: - - "/~(([.]|ilm-history-).*)/" + - '.siem-signals*' + - '.lists-*' + - '.items-*' privileges: - - "read" - - "view_index_metadata" + - 'read' + - 'view_index_metadata' allow_restricted_indices: false - names: - - ".siem-signals*" - - ".lists-*" - - ".items-*" + - '.alerts*' + - '.preview.alerts*' privileges: - - "read" - - "view_index_metadata" + - 'read' + - 'view_index_metadata' allow_restricted_indices: false - names: - - ".alerts*" - - ".preview.alerts*" + - apm-*-transaction* + - traces-apm* + - auditbeat-* + - endgame-* + - filebeat-* + - logs-* + - packetbeat-* + - winlogbeat-* + - metrics-endpoint.metadata_current_* + - '.fleet-agents*' + - '.fleet-actions*' + - 'risk-score.risk-score-*' privileges: - - "read" - - "view_index_metadata" - allow_restricted_indices: false + - read applications: - - application: "kibana-.kibana" + - application: 'kibana-.kibana' privileges: - - "read" - resources: - - "*" + - feature_ml.read + - feature_siem.read + - feature_siem.read_alerts + - feature_siem.endpoint_list_read + - feature_securitySolutionCases.read + - feature_actions.read + - feature_builtInAlerts.read + - feature_osquery.read + - feature_discover.all + - feature_dashboard.all + - feature_canvas.all + - feature_graph.all + - feature_maps.all + - feature_visualize.all + resources: '*' run_as: [] + +# modeled after t3_analyst editor: cluster: [] indices: - names: - - "/~(([.]|ilm-history-).*)/" - privileges: - - "read" - - "view_index_metadata" - allow_restricted_indices: false - - names: - - "observability-annotations" + - '.siem-signals*' + - '.lists-*' + - '.items-*' privileges: - - "read" - - "view_index_metadata" - - "write" + - 'read' + - 'view_index_metadata' + - 'write' + - 'maintenance' allow_restricted_indices: false - names: - - ".siem-signals*" - - ".lists-*" - - ".items-*" + - apm-*-transaction* + - traces-apm* + - auditbeat-* + - endgame-* + - filebeat-* + - logs-* + - packetbeat-* + - 
winlogbeat-* privileges: - - "read" - - "view_index_metadata" - - "write" - - "maintenance" - allow_restricted_indices: false + - read + - write - names: - - ".internal.alerts*" - - ".alerts*" - - ".internal.preview.alerts*" - - ".preview.alerts*" + - '.internal.alerts*' + - '.alerts*' + - '.internal.preview.alerts*' + - '.preview.alerts*' + - 'risk-score.risk-score-*' privileges: - - "read" - - "view_index_metadata" - - "write" - - "maintenance" + - 'read' + - 'view_index_metadata' + - 'write' + - 'maintenance' allow_restricted_indices: false applications: - - application: "kibana-.kibana" + - application: 'kibana-.kibana' privileges: - - "all" - resources: - - "*" + - feature_ml.read + - feature_siem.all + - feature_siem.read_alerts + - feature_siem.crud_alerts + - feature_siem.endpoint_list_all + - feature_siem.trusted_applications_all + - feature_siem.event_filters_all + - feature_siem.host_isolation_exceptions_all + - feature_siem.blocklist_all + - feature_siem.policy_management_read # Elastic Defend Policy Management + - feature_siem.host_isolation_all + - feature_siem.process_operations_all + - feature_siem.actions_log_management_all # Response actions history + - feature_siem.file_operations_all + - feature_securitySolutionCases.all + - feature_actions.read + - feature_builtInAlerts.all + - feature_osquery.all + - feature_discover.all + - feature_dashboard.all + - feature_canvas.all + - feature_graph.all + - feature_maps.all + - feature_visualize.all + resources: '*' run_as: [] t1_analyst: cluster: indices: - names: - - ".alerts-security*" - - ".siem-signals-*" + - '.alerts-security*' + - '.siem-signals-*' privileges: - read - write 
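Review bot: In the `editor` role, `'risk-score.risk-score-*'` is added to the alerts index group, whose privileges are `read`, `view_index_metadata`, `write` and `maintenance`, although the role carries the comment `# modeled after t3_analyst` and the t3_analyst hunk later in this file places the same pattern in a group that grants only `read`. Unless editors are meant to modify risk-score documents, the pattern should move to its own `names` entry with `read` as the only privilege, because the other data-index group in this role also grants `write`. The new `viewer` data-index group also omits the `allow_restricted_indices: false` line that its sibling groups set explicitly; adding it keeps the role definition uniform.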
@@ -118,12 +162,13 @@ t1_analyst: - packetbeat-* - winlogbeat-* - metrics-endpoint.metadata_current_* - - ".fleet-agents*" - - ".fleet-actions*" + - '.fleet-agents*' + - '.fleet-actions*' + - risk-score.risk-score-* privileges: - read applications: - - application: "kibana-.kibana" + - application: 'kibana-.kibana' privileges: - feature_ml.read - feature_siem.read @@ -134,7 +179,13 @@ t1_analyst: - feature_builtInAlerts.read - feature_osquery.read - feature_osquery.run_saved_queries - resources: "*" + - feature_discover.all + - feature_dashboard.all + - feature_canvas.all + - feature_graph.all + - feature_maps.all + - feature_visualize.all + resources: '*' t2_analyst: cluster: @@ -160,10 +211,11 @@ t2_analyst: - metrics-endpoint.metadata_current_* - .fleet-agents* - .fleet-actions* + - risk-score.risk-score-* privileges: - read applications: - - application: "kibana-.kibana" + - application: 'kibana-.kibana' privileges: - feature_ml.read - feature_siem.read @@ -174,7 +226,13 @@ t2_analyst: - feature_builtInAlerts.read - feature_osquery.read - feature_osquery.run_saved_queries - resources: "*" + - feature_discover.all + - feature_dashboard.all + - feature_canvas.all + - feature_graph.all + - feature_maps.all + - feature_visualize.all + resources: '*' t3_analyst: cluster: @@ -207,10 +265,11 @@ t3_analyst: - metrics-endpoint.metadata_current_* - .fleet-agents* - .fleet-actions* + - risk-score.risk-score-* privileges: - read applications: - - application: "kibana-.kibana" + - application: 'kibana-.kibana' privileges: - feature_ml.read - feature_siem.all @@ -230,7 +289,13 @@ t3_analyst: - feature_actions.read - feature_builtInAlerts.all - feature_osquery.all - resources: "*" + - feature_discover.all + - feature_dashboard.all + - feature_canvas.all + - feature_graph.all + - feature_maps.all + - feature_visualize.all + resources: '*' threat_intelligence_analyst: cluster: 
@@ -259,10 +324,11 @@ threat_intelligence_analyst: - metrics-endpoint.metadata_current_* - .fleet-agents* - .fleet-actions* + - risk-score.risk-score-* privileges: - read applications: - - application: "kibana-.kibana" + - application: 'kibana-.kibana' privileges: - feature_ml.read - feature_siem.read @@ -273,7 +339,13 @@ threat_intelligence_analyst: - feature_actions.read - feature_builtInAlerts.read - feature_osquery.all - resources: "*" + - feature_discover.all + - feature_dashboard.all + - feature_canvas.all + - feature_graph.all + - feature_maps.all + - feature_visualize.all + resources: '*' rule_author: cluster: @@ -310,10 +382,11 @@ rule_author: - metrics-endpoint.metadata_current_* - .fleet-agents* - .fleet-actions* + - risk-score.risk-score-* privileges: - read applications: - - application: "kibana-.kibana" + - application: 'kibana-.kibana' privileges: - feature_ml.read - feature_siem.all @@ -330,7 +403,13 @@ rule_author: - feature_actions.read - feature_builtInAlerts.all - feature_osquery.all - resources: "*" + - feature_discover.all + - feature_dashboard.all + - feature_canvas.all + - feature_graph.all + - feature_maps.all + - feature_visualize.all + resources: '*' soc_manager: cluster: @@ -366,10 +445,11 @@ soc_manager: - metrics-endpoint.metadata_current_* - .fleet-agents* - .fleet-actions* + - risk-score.risk-score-* privileges: - read applications: - - application: "kibana-.kibana" + - application: 'kibana-.kibana' privileges: - feature_ml.read - feature_siem.all @@ -390,11 +470,17 @@ soc_manager: - feature_actions.all - feature_builtInAlerts.all - feature_osquery.all - - feature_indexPatterns.all # Detections Data Views - resources: "*" + - feature_indexPatterns.all + - feature_discover.all + - feature_dashboard.all + - feature_canvas.all + - feature_graph.all + - feature_maps.all + - feature_visualize.all + resources: '*' detections_admin: - cluster: + cluster: ['manage_index_templates', 'manage_transform'] indices: - names: - apm-*-transaction* 
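Review bot: `detections_admin` gains the cluster privileges `manage_index_templates` and `manage_transform` in the last hunk on this line, and the next hunk gives it `all` on `risk-score.risk-score-*`; neither is an analytics feature, and the commit description mentions neither. The detections_admin hunk in packages/kbn-es/src/serverless_resources/roles.yml shows no matching change, though that role's `cluster:` line is outside the visible hunk, so it cannot be told from here whether the two copies agree. A short comment above `cluster:` naming what needs these privileges, plus a check that both files define the role identically, would make the expansion reviewable.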
@@ -421,8 +507,12 @@ detections_admin: - .fleet-actions* privileges: - read + - names: + - risk-score.risk-score-* + privileges: + - all applications: - - application: "kibana-.kibana" + - application: 'kibana-.kibana' privileges: - feature_ml.all - feature_siem.all @@ -432,7 +522,13 @@ detections_admin: - feature_actions.all - feature_builtInAlerts.all - feature_dev_tools.all - resources: "*" + - feature_discover.all + - feature_dashboard.all + - feature_canvas.all + - feature_graph.all + - feature_maps.all + - feature_visualize.all + resources: '*' platform_engineer: cluster: @@ -453,10 +549,11 @@ platform_engineer: - .siem-signals-* - .preview.alerts-security* - .internal.preview.alerts-security* + - risk-score.risk-score-* privileges: - all applications: - - application: "kibana-.kibana" + - application: 'kibana-.kibana' privileges: - feature_ml.all - feature_siem.all @@ -475,8 +572,14 @@ platform_engineer: - feature_fleet.all - feature_fleetv2.all - feature_osquery.all - - feature_indexPatterns.all # Detections Data Views - resources: "*" + - feature_indexPatterns.all + - feature_discover.all + - feature_dashboard.all + - feature_canvas.all + - feature_graph.all + - feature_maps.all + - feature_visualize.all + resources: '*' endpoint_operations_analyst: cluster: @@ -498,6 +601,7 @@ endpoint_operations_analyst: - winlogbeat-* - .lists* - .items* + - risk-score.risk-score-* privileges: - read - names: @@ -509,7 +613,7 @@ endpoint_operations_analyst: - read - write applications: - - application: "kibana-.kibana" + - application: 'kibana-.kibana' privileges: - feature_ml.read - feature_siem.all @@ -531,7 +635,13 @@ endpoint_operations_analyst: - feature_osquery.all - feature_fleet.all - feature_fleetv2.all - resources: "*" + - feature_discover.all + - feature_dashboard.all + - feature_canvas.all + - feature_graph.all + - feature_maps.all + - feature_visualize.all + resources: '*' endpoint_policy_manager: cluster: 
@@ -553,6 +663,7 @@ endpoint_policy_manager: - winlogbeat-* - .lists* - .items* + - risk-score.risk-score-* privileges: - read - names: @@ -565,7 +676,7 @@ endpoint_policy_manager: - write - manage applications: - - application: "kibana-.kibana" + - application: 'kibana-.kibana' privileges: - feature_ml.all - feature_siem.all @@ -583,4 +694,10 @@ endpoint_policy_manager: - feature_osquery.all - feature_fleet.all - feature_fleetv2.all - resources: "*" + - feature_discover.all + - feature_dashboard.all + - feature_canvas.all + - feature_graph.all + - feature_maps.all + - feature_visualize.all + resources: '*' diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/header/navigation.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/navigation/navigation.cy.ts similarity index 56% rename from x-pack/test/security_solution_cypress/cypress/e2e/header/navigation.cy.ts rename to x-pack/test/security_solution_cypress/cypress/e2e/navigation/navigation.cy.ts index 9ca9adf8e6cb6..788ff1d9eac0f 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/header/navigation.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/navigation/navigation.cy.ts @@ -31,9 +31,10 @@ import { SETTINGS, ENTITY_ANALYTICS, } from '../../screens/security_header'; +import * as ServerlessHeaders from '../../screens/serverless_security_header'; import { login } from '../../tasks/login'; -import { visit, visitWithTimeRange } from '../../tasks/navigation'; +import { visit, visitGetStartedPage, visitWithTimeRange } from '../../tasks/navigation'; import { navigateFromHeaderTo } from '../../tasks/security_header'; import { 
@@ -61,6 +62,15 @@ import {
 POLICIES_URL,
 ENTITY_ANALYTICS_URL,
 INDICATORS_URL,
+ DISCOVER_URL,
+ RULES_LANDING_URL,
+ RULES_COVERAGE_URL,
+ INVESTIGATIONS_URL,
+ OSQUERY_URL,
+ MACHINE_LEARNING_LANDING_URL,
+ ASSETS_URL,
+ FLEET_URL,
+ CLOUD_DEFEND_URL,
 } from '../../urls/navigation';
 import { RULES_MANAGEMENT_URL } from '../../urls/rules_management';
 import {
@@ -247,3 +257,144 @@ describe('Kibana navigation to all pages in the Security app ', { tags: '@ess' }
 cy.url().should('include', MANAGE_URL);
 });
 });
+
+describe('Serverless side navigation links', { tags: '@serverless' }, () => {
+ beforeEach(() => {
+ login();
+ visitGetStartedPage();
+ });
+
+ it('navigates to the Discover page', () => {
+ navigateFromHeaderTo(ServerlessHeaders.DISCOVER, true);
+ cy.url().should('include', DISCOVER_URL);
+ });
+
+ it('navigates to the Dashboards landing page', () => {
+ navigateFromHeaderTo(ServerlessHeaders.DASHBOARDS, true);
+ cy.url().should('include', DASHBOARDS_URL);
+ });
+
+ it('navigates to the Overview page', () => {
+ navigateFromHeaderTo(ServerlessHeaders.OVERVIEW, true);
+ cy.url().should('include', OVERVIEW_URL);
+ });
+
+ it('navigates to the Detection & Response page', () => {
+ navigateFromHeaderTo(ServerlessHeaders.DETECTION_RESPONSE, true);
+ cy.url().should('include', DETECTION_AND_RESPONSE_URL);
+ });
+
+ it('navigates to the Entity Analytics page', () => {
+ navigateFromHeaderTo(ServerlessHeaders.ENTITY_ANALYTICS, true);
+ cy.url().should('include', ENTITY_ANALYTICS_URL);
+ });
+
+ it('navigates to the Kubernetes page', () => {
+ navigateFromHeaderTo(ServerlessHeaders.KUBERNETES, true);
+ cy.url().should('include', KUBERNETES_URL);
+ });
+
+ it('navigates to the CSP dashboard page', () => {
+ navigateFromHeaderTo(ServerlessHeaders.CSP_DASHBOARD, true);
+ cy.url().should('include', CSP_DASHBOARD_URL);
+ });
+
+ it('navigates to the Rules landing page', () => {
+ navigateFromHeaderTo(ServerlessHeaders.RULES_LANDING, true);
+ cy.url().should('include', RULES_LANDING_URL);
+ });
+ it('navigates to the Rules page', () => {
+ navigateFromHeaderTo(ServerlessHeaders.RULES, true);
+ cy.url().should('include', RULES_MANAGEMENT_URL);
+ });
+
+ it('navigates to the Rules page', () => {
+ navigateFromHeaderTo(ServerlessHeaders.CSP_BENCHMARKS, true);
+ cy.url().should('include', CSP_BENCHMARKS_URL);
+ });
+
+ it('navigates to the Exceptions page', () => {
+ navigateFromHeaderTo(ServerlessHeaders.EXCEPTIONS, true);
+ cy.url().should('include', EXCEPTIONS_URL);
+ });
+
+ it('navigates to the Rules coverage page', () => {
+ navigateFromHeaderTo(ServerlessHeaders.RULES_COVERAGE, true);
+ cy.url().should('include', RULES_COVERAGE_URL);
+ });
+
+ it('navigates to the Alerts page', () => {
+ navigateFromHeaderTo(ServerlessHeaders.ALERTS, true);
+ cy.url().should('include', ALERTS_URL);
+ });
+
+ it('navigates to the Findings page', () => {
+ navigateFromHeaderTo(ServerlessHeaders.CSP_FINDINGS, true);
+ cy.url().should('include', CSP_FINDINGS_URL);
+ });
+
+ it('navigates to the Cases page', () => {
+ navigateFromHeaderTo(ServerlessHeaders.CASES, true);
+ cy.url().should('include', CASES_URL);
+ });
+
+ it('navigates to the Investigations page', () => {
+ navigateFromHeaderTo(ServerlessHeaders.INVESTIGATIONS, true);
+ cy.url().should('include', INVESTIGATIONS_URL);
+ });
+
+ it('navigates to the Timelines page', () => {
+ navigateFromHeaderTo(ServerlessHeaders.TIMELINES, true);
+ cy.url().should('include', TIMELINES_URL);
+ });
+ it('navigates to the Osquery page', () => {
+ navigateFromHeaderTo(ServerlessHeaders.OSQUERY, true);
+ cy.url().should('include', OSQUERY_URL);
+ });
+
+ it('navigates to the Indicators page', () => {
+ navigateFromHeaderTo(ServerlessHeaders.THREAT_INTELLIGENCE, true);
+ cy.url().should('include', INDICATORS_URL);
+ });
+
+ it('navigates to the Explore landing page', () => {
+ navigateFromHeaderTo(ServerlessHeaders.EXPLORE, true);
+ cy.url().should('include', EXPLORE_URL);
+ });
+
+ it('navigates to the Hosts page', () => {
+ navigateFromHeaderTo(ServerlessHeaders.HOSTS, true);
+ cy.url().should('include', hostsUrl('allHosts'));
+ });
+
+ it('navigates to the Network page', () => {
+ navigateFromHeaderTo(ServerlessHeaders.NETWORK, true);
+ cy.url().should('include', NETWORK_URL);
+ });
+
+ it('navigates to the Users page', () => {
+ navigateFromHeaderTo(ServerlessHeaders.USERS, true);
+ cy.url().should('include', USERS_URL);
+ });
+
+ it('navigates to the Assets page', () => {
+ navigateFromHeaderTo(ServerlessHeaders.ASSETS, true);
+ cy.url().should('include', ASSETS_URL);
+ });
+ it('navigates to the Endpoints page', () => {
+ navigateFromHeaderTo(ServerlessHeaders.ENDPOINTS, true);
+ cy.url().should('include', ENDPOINTS_URL);
+ });
+ it('navigates to the Fleet page', () => {
+ navigateFromHeaderTo(ServerlessHeaders.FLEET, true);
+ cy.url().should('include', FLEET_URL);
+ });
+ it('navigates to the Cloud defend page', () => {
+ navigateFromHeaderTo(ServerlessHeaders.CLOUD_DEFEND, true);
+ cy.url().should('include', CLOUD_DEFEND_URL);
+ });
+ it('navigates to the Machine learning landing page', () => {
+ navigateFromHeaderTo(ServerlessHeaders.MACHINE_LEARNING, true);
+ cy.url().should('include', MACHINE_LEARNING_LANDING_URL);
+ });
+});
diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/header/search_bar.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/navigation/search_bar.cy.ts
similarity index 100%
rename from x-pack/test/security_solution_cypress/cypress/e2e/header/search_bar.cy.ts
rename to x-pack/test/security_solution_cypress/cypress/e2e/navigation/search_bar.cy.ts
diff --git a/x-pack/test/security_solution_cypress/cypress/screens/serverless_security_header.ts b/x-pack/test/security_solution_cypress/cypress/screens/serverless_security_header.ts
index 11885714a0dda..4ac4463ae4db1 100644
--- a/x-pack/test/security_solution_cypress/cypress/screens/serverless_security_header.ts
+++ b/x-pack/test/security_solution_cypress/cypress/screens/serverless_security_header.ts
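Review bot: The new `Serverless side navigation links` suite calls `login()` with no role in `beforeEach`, so it checks the links for whatever the default test user is, not for the security roles whose privileges this commit changes. If `login` accepts a role name (its signature is not visible in this hunk), running at least the Discover case as a restricted role such as `t1_analyst` would tie the test to the roles.yml change. Separately, two cases share the title `navigates to the Rules page`; the second navigates to `ServerlessHeaders.CSP_BENCHMARKS` and should be titled for it, e.g. `it('navigates to the Benchmarks page', () => {`.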
@@ -6,28 +6,33 @@ */ // main panels links -export const DASHBOARDS = '[data-test-subj$="nav-item-deepLinkId-securitySolutionUI:dashboards"]'; +export const DASHBOARDS = '[data-test-subj*="nav-item-deepLinkId-securitySolutionUI:dashboards"]'; export const DASHBOARDS_PANEL_BTN = '[data-test-subj*="panelOpener-deepLinkId-securitySolutionUI:dashboards"]'; export const INVESTIGATIONS = - '[data-test-subj$="nav-item-deepLinkId-securitySolutionUI:investigations"]'; + '[data-test-subj*="nav-item-deepLinkId-securitySolutionUI:investigations"]'; export const INVESTIGATIONS_PANEL_BTN = '[data-test-subj*="panelOpener-deepLinkId-securitySolutionUI:investigations"]'; -export const EXPLORE = '[data-test-subj$="nav-item-deepLinkId-securitySolutionUI:explore"]'; +export const EXPLORE = '[data-test-subj*="nav-item-deepLinkId-securitySolutionUI:explore"]'; export const EXPLORE_PANEL_BTN = '[data-test-subj*="panelOpener-deepLinkId-securitySolutionUI:explore"]'; export const RULES_LANDING = - '[data-test-subj$="nav-item-deepLinkId-securitySolutionUI:rules-landing"]'; + '[data-test-subj*="nav-item-deepLinkId-securitySolutionUI:rules-landing"]'; export const RULES_PANEL_BTN = '[data-test-subj*="panelOpener-deepLinkId-securitySolutionUI:rules-landing"]'; -export const ASSETS = '[data-test-subj$="nav-item-deepLinkId-securitySolutionUI:assets"]'; +export const ASSETS = '[data-test-subj*="nav-item-deepLinkId-securitySolutionUI:assets"]'; export const ASSETS_PANEL_BTN = '[data-test-subj*="panelOpener-deepLinkId-securitySolutionUI:assets"]'; +export const MACHINE_LEARNING = + '[data-test-subj*="nav-item-deepLinkId-securitySolutionUI:machine_learning-landing"]'; +export const MACHINE_LEARNING_BTN = + '[data-test-subj*="panelOpener-deepLinkId-securitySolutionUI:machine_learning-landing"]'; + // main direct links export const DISCOVER = '[data-test-subj*="nav-item-deepLinkId-discover"]'; 
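Review bot: Changing the main-panel selectors from `$=` to `*=` turns them into substring matches, so `DASHBOARDS`, `INVESTIGATIONS`, `EXPLORE`, `RULES_LANDING` and `ASSETS` now select every element whose `data-test-subj` merely contains the deep-link id. `navigateFromHeaderTo` clicks the result of `cy.get(page)`, and this commit also removes `{ force: true }` from that click, so a second matching element would make the click fail. A comment above `// main panels links` stating why the suffix match stopped working (presumably the attribute gained a trailing segment) would let the next reader judge whether a tighter selector is possible.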
@@ -36,10 +41,12 @@ export const ALERTS = '[data-test-subj*="nav-item-deepLinkId-securitySolutionUI: export const CSP_FINDINGS = '[data-test-subj*="nav-item-deepLinkId-securitySolutionUI:cloud_security_posture-findings"]'; -export const CASES = '[data-test-subj*="nav-item-deepLinkId-securitySolutionUI:cases"]'; +export const THREAT_INTELLIGENCE = + '[data-test-subj*="nav-item-deepLinkId-securitySolutionUI:threat_intelligence"]'; -// nested links +export const CASES = '[data-test-subj*="nav-item-deepLinkId-securitySolutionUI:cases"]'; +// nested panel links export const OVERVIEW = '[data-test-subj="solutionSideNavPanelLink-overview"]'; export const DETECTION_RESPONSE = '[data-test-subj="solutionSideNavPanelLink-detection_response"]'; @@ -47,6 +54,7 @@ export const DETECTION_RESPONSE = '[data-test-subj="solutionSideNavPanelLink-det export const ENTITY_ANALYTICS = '[data-test-subj="solutionSideNavPanelLink-entity_analytics"]'; export const TIMELINES = '[data-test-subj="solutionSideNavPanelLink-timelines"]'; +export const OSQUERY = '[data-test-subj="solutionSideNavPanelLink-osquery:"]'; export const KUBERNETES = '[data-test-subj="solutionSideNavPanelLink-kubernetes"]'; @@ -55,7 +63,9 @@ export const CSP_DASHBOARD = export const HOSTS = '[data-test-subj="solutionSideNavPanelLink-hosts"]'; +export const FLEET = '[data-test-subj="solutionSideNavPanelLink-fleet:"]'; export const ENDPOINTS = '[data-test-subj="solutionSideNavPanelLink-endpoints"]'; +export const CLOUD_DEFEND = '[data-test-subj="solutionSideNavPanelLink-cloud_defend"]'; export const POLICIES = '[data-test-subj="solutionSideNavPanelLink-policy"]'; 
@@ -68,20 +78,23 @@ export const BLOCKLIST = '[data-test-subj="solutionSideNavPanelLink-blocklist"]' export const CSP_BENCHMARKS = '[data-test-subj="solutionSideNavPanelLink-cloud_security_posture-benchmarks"]'; +export const RULES_COVERAGE = '[data-test-subj="solutionSideNavPanelLink-coverage-overview"]'; + export const NETWORK = '[data-test-subj="solutionSideNavPanelLink-network"]'; export const USERS = '[data-test-subj="solutionSideNavPanelLink-users"]'; -export const INDICATORS = '[data-test-subj="solutionSideNavItemLink-threat_intelligence"]'; - export const RULES = '[data-test-subj="solutionSideNavPanelLink-rules"]'; export const EXCEPTIONS = '[data-test-subj="solutionSideNavPanelLink-exceptions"]'; +export const getBreadcrumb = (deepLinkId: string) => { + return `breadcrumb-deepLinkId-${deepLinkId}`; +}; // opens the navigation panel for a given nested link -export const openNavigationPanelFor = (page: string) => { +export const openNavigationPanelFor = (pageName: string) => { let panel; - switch (page) { + switch (pageName) { case OVERVIEW: case DETECTION_RESPONSE: case KUBERNETES: @@ -90,23 +103,27 @@ export const openNavigationPanelFor = (page: string) => { panel = DASHBOARDS_PANEL_BTN; break; } + case RULES: + case CSP_BENCHMARKS: + case EXCEPTIONS: + case RULES_COVERAGE: { + panel = RULES_PANEL_BTN; + break; + } + case TIMELINES: + case OSQUERY: { + panel = INVESTIGATIONS_PANEL_BTN; + break; + } case HOSTS: case NETWORK: case USERS: { panel = EXPLORE_PANEL_BTN; break; } - case RULES: - case EXCEPTIONS: - case CSP_BENCHMARKS: { - panel = RULES_PANEL_BTN; - break; - } + case FLEET: case ENDPOINTS: - case TRUSTED_APPS: - case EVENT_FILTERS: - case POLICIES: - case BLOCKLIST: { + case CLOUD_DEFEND: { panel = ASSETS_PANEL_BTN; break; } 
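Review bot: The rewritten `switch` in `openNavigationPanelFor` no longer has cases for `TRUSTED_APPS`, `EVENT_FILTERS`, `POLICIES` and `BLOCKLIST`, yet `POLICIES` and `BLOCKLIST` are still exported from this file (both appear as context in the hunks above). Passing one of them now falls through to whatever the default path is, instead of opening the assets panel; the end of the switch is outside this hunk, so that fallback is not visible here. If those links moved out of the assets panel, remove the stale exports; otherwise restore the cases next to `case CLOUD_DEFEND:`.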
@@ -117,6 +134,6 @@ export const openNavigationPanelFor = (page: string) => { }; // opens the navigation panel of a main link -export const openNavigationPanel = (page: string) => { - cy.get(page).click(); +export const openNavigationPanel = (pageName: string) => { + cy.get(pageName).click(); }; diff --git a/x-pack/test/security_solution_cypress/cypress/tasks/navigation.ts b/x-pack/test/security_solution_cypress/cypress/tasks/navigation.ts index 20e34387d7f12..b7c6f55386c3f 100644 --- a/x-pack/test/security_solution_cypress/cypress/tasks/navigation.ts +++ b/x-pack/test/security_solution_cypress/cypress/tasks/navigation.ts @@ -9,7 +9,7 @@ import { encode } from '@kbn/rison'; import { NEW_FEATURES_TOUR_STORAGE_KEYS } from '@kbn/security-solution-plugin/common/constants'; import type { SecurityRoleName } from '@kbn/security-solution-plugin/common/test'; -import { hostDetailsUrl, userDetailsUrl } from '../urls/navigation'; +import { GET_STARTED_URL, hostDetailsUrl, userDetailsUrl } from '../urls/navigation'; import { constructUrlWithUser, getUrlWithRoute, User } from './login'; export const visit = ( @@ -87,6 +87,11 @@ export const visitHostDetailsPage = (hostName = 'suricata-iowa') => { cy.get('[data-test-subj="loading-spinner"]').should('not.exist'); }; +export const visitGetStartedPage = () => { + visit(GET_STARTED_URL); + cy.get('#security-solution-app').should('exist'); +}; + export const visitUserDetailsPage = (userName = 'test') => { visitWithTimeRange(userDetailsUrl(userName)); }; diff --git a/x-pack/test/security_solution_cypress/cypress/tasks/security_header.ts b/x-pack/test/security_solution_cypress/cypress/tasks/security_header.ts index 4cca17aa18dae..73549d9ed052c 100644 --- a/x-pack/test/security_solution_cypress/cypress/tasks/security_header.ts +++ b/x-pack/test/security_solution_cypress/cypress/tasks/security_header.ts 
@@ -7,6 +7,7 @@ import { TOASTER } from '../screens/alerts_detection_rules'; import { KQL_INPUT, openNavigationPanelFor, REFRESH_BUTTON } from '../screens/security_header'; +import { openNavigationPanelFor as openServerlessNavigationPanelFor } from '../screens/serverless_security_header'; export const clearSearchBar = () => { cy.get(KQL_INPUT).clear(); @@ -17,9 +18,13 @@ export const kqlSearch = (search: string) => { cy.get(KQL_INPUT).type(search, { force: true }); }; -export const navigateFromHeaderTo = (page: string) => { - openNavigationPanelFor(page); - cy.get(page).click({ force: true }); +export const navigateFromHeaderTo = (page: string, isServerless: boolean = false) => { + if (isServerless) { + openServerlessNavigationPanelFor(page); + } else { + openNavigationPanelFor(page); + } + cy.get(page).click(); }; export const refreshPage = () => { diff --git a/x-pack/test/security_solution_cypress/cypress/urls/navigation.ts b/x-pack/test/security_solution_cypress/cypress/urls/navigation.ts index b63e785c96750..65c87efcc61b9 100644 --- a/x-pack/test/security_solution_cypress/cypress/urls/navigation.ts +++ b/x-pack/test/security_solution_cypress/cypress/urls/navigation.ts @@ -10,10 +10,13 @@ export const KIBANA_SAVED_OBJECTS = '/app/management/kibana/objects'; export const LOGOUT_URL = '/logout'; // Common +export const GET_STARTED_URL = '/app/security/get_started'; export const MANAGE_URL = '/app/security/manage'; export const DASHBOARDS_URL = '/app/security/dashboards'; +export const ASSETS_URL = '/app/security/assets'; export const ENDPOINTS_URL = '/app/security/administration/endpoints'; +export const CLOUD_DEFEND_URL = '/app/security/cloud_defend'; export const POLICIES_URL = '/app/security/administration/policy'; export const USERS_URL = '/app/security/users/allUsers'; export const TRUSTED_APPS_URL = '/app/security/administration/trusted_apps'; 
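Review bot: `navigateFromHeaderTo(page: string, isServerless: boolean = false)` adds a positional boolean flag, so call sites read as `navigateFromHeaderTo(X, true)` with no hint of what `true` selects. The `: boolean` annotation is also redundant next to the default. Consider `isServerless = false`, or an options object `{ isServerless = false } = {}`. A TSDoc line would help too: `/** Opens the side-nav panel that contains the link (ESS or serverless layout), then clicks it. */`. The click no longer uses `{ force: true }`, so the helper now depends on the panel lookup actually revealing the link, which is worth stating in that comment.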
@@ -23,6 +26,9 @@ export const CSP_BENCHMARKS_URL = '/app/security/cloud_security_posture/benchmar export const CSP_DASHBOARD_URL = '/app/security/cloud_security_posture/dashboard'; export const CSP_FINDINGS_URL = '/app/security/cloud_security_posture/findings/vulnerabilities'; +export const RULES_LANDING_URL = '/app/security/rules/landing'; +export const RULES_COVERAGE_URL = '/app/security/rules_coverage_overview'; + export const NETWORK_URL = '/app/security/network/flows'; export const OVERVIEW_URL = '/app/security/overview'; @@ -34,6 +40,7 @@ export const EXPLORE_URL = '/app/security/explore'; export const userDetailsUrl = (userName: string) => `/app/security/users/name/${userName}/authentications`; +export const INVESTIGATIONS_URL = '/app/security/investigations'; export const TIMELINES_URL = '/app/security/timelines/default'; export const TIMELINE_TEMPLATES_URL = '/app/security/timelines/template'; export const CASES_URL = '/app/security/cases'; @@ -49,6 +56,8 @@ export const DISCOVER_WITH_PINNED_FILTER_URL = export const hostDetailsUrl = (hostName: string) => `/app/security/hosts/${hostName}/authentications`; +export const MACHINE_LEARNING_LANDING_URL = '/app/security/ml'; + // Detection and Response export const DETECTION_AND_RESPONSE_URL = '/app/security/detection_response'; export const ALERTS_URL = '/app/security/alerts'; @@ -58,3 +67,8 @@ export const ENTITY_ANALYTICS_MANAGEMENT_URL = '/app/security/entity_analytics_m export const exceptionsListDetailsUrl = (listId: string) => `/app/security/exceptions/details/${listId}`; + +// External (serverless) +export const DISCOVER_URL = '/app/discover'; +export const OSQUERY_URL = '/app/osquery'; +export const FLEET_URL = '/app/fleet'; diff --git a/x-pack/test_serverless/shared/lib/security/kibana_roles/project_controller_security_roles.yml b/x-pack/test_serverless/shared/lib/security/kibana_roles/project_controller_security_roles.yml index 1444b818b10ee..ec957fb99f527 100644 
--- a/x-pack/test_serverless/shared/lib/security/kibana_roles/project_controller_security_roles.yml +++ b/x-pack/test_serverless/shared/lib/security/kibana_roles/project_controller_security_roles.yml @@ -46,6 +46,12 @@ viewer: - feature_actions.read - feature_builtInAlerts.read - feature_osquery.read + - feature_discover.all + - feature_dashboard.all + - feature_canvas.all + - feature_graph.all + - feature_maps.all + - feature_visualize.all resources: "*" run_as: [] @@ -108,6 +114,12 @@ editor: - feature_actions.read - feature_builtInAlerts.all - feature_osquery.all + - feature_discover.all + - feature_dashboard.all + - feature_canvas.all + - feature_graph.all + - feature_maps.all + - feature_visualize.all resources: "*" run_as: [] @@ -148,6 +160,12 @@ t1_analyst: - feature_builtInAlerts.read - feature_osquery.read - feature_osquery.run_saved_queries + - feature_discover.all + - feature_dashboard.all + - feature_canvas.all + - feature_graph.all + - feature_maps.all + - feature_visualize.all resources: "*" t2_analyst: @@ -189,6 +207,12 @@ t2_analyst: - feature_builtInAlerts.read - feature_osquery.read - feature_osquery.run_saved_queries + - feature_discover.all + - feature_dashboard.all + - feature_canvas.all + - feature_graph.all + - feature_maps.all + - feature_visualize.all resources: "*" t3_analyst: @@ -246,6 +270,12 @@ t3_analyst: - feature_actions.read - feature_builtInAlerts.all - feature_osquery.all + - feature_discover.all + - feature_dashboard.all + - feature_canvas.all + - feature_graph.all + - feature_maps.all + - feature_visualize.all resources: "*" threat_intelligence_analyst: @@ -290,6 +320,12 @@ threat_intelligence_analyst: - feature_actions.read - feature_builtInAlerts.read - feature_osquery.all + - feature_discover.all + - feature_dashboard.all + - feature_canvas.all + - feature_graph.all + - feature_maps.all + - feature_visualize.all resources: "*" rule_author: 
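Review bot: The six `feature_*.all` entries added to `viewer` give write access to Discover, Dashboard, Canvas, Graph, Maps and Visualize objects to a role whose other feature privileges in this hunk are all `.read`. The same six lines are appended to `t1_analyst`, `t2_analyst` and every other role in this file, regardless of tier. The commit description only asks for the Discover link to appear in the sidenav, and `.read` would presumably be enough for that, e.g. `- feature_discover.read` and `- feature_dashboard.read` on the read-only roles. If `.all` is deliberate because this file mirrors the role definitions shipped elsewhere, say so in a comment above the block, e.g. `# analytics features: kept identical to the upstream role definition`, so the broad grant does not look accidental. With `resources: "*"` the privileges apply to every space rather than a single one.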
@@ -348,6 +384,12 @@ rule_author: - feature_actions.read - feature_builtInAlerts.all - feature_osquery.all + - feature_discover.all + - feature_dashboard.all + - feature_canvas.all + - feature_graph.all + - feature_maps.all + - feature_visualize.all resources: "*" soc_manager: @@ -410,6 +452,12 @@ soc_manager: - feature_builtInAlerts.all - feature_osquery.all - feature_indexPatterns.all + - feature_discover.all + - feature_dashboard.all + - feature_canvas.all + - feature_graph.all + - feature_maps.all + - feature_visualize.all resources: "*" detections_admin: @@ -455,6 +503,12 @@ detections_admin: - feature_actions.all - feature_builtInAlerts.all - feature_dev_tools.all + - feature_discover.all + - feature_dashboard.all + - feature_canvas.all + - feature_graph.all + - feature_maps.all + - feature_visualize.all resources: "*" platform_engineer: @@ -500,6 +554,12 @@ platform_engineer: - feature_fleetv2.all - feature_osquery.all - feature_indexPatterns.all + - feature_discover.all + - feature_dashboard.all + - feature_canvas.all + - feature_graph.all + - feature_maps.all + - feature_visualize.all resources: "*" endpoint_operations_analyst: @@ -556,6 +616,12 @@ endpoint_operations_analyst: - feature_osquery.all - feature_fleet.all - feature_fleetv2.all + - feature_discover.all + - feature_dashboard.all + - feature_canvas.all + - feature_graph.all + - feature_maps.all + - feature_visualize.all resources: "*" endpoint_policy_manager: @@ -609,4 +675,10 @@ endpoint_policy_manager: - feature_osquery.all - feature_fleet.all - feature_fleetv2.all + - feature_discover.all + - feature_dashboard.all + - feature_canvas.all + - feature_graph.all + - feature_maps.all + - feature_visualize.all resources: "*"