improves 'Creates and activates a new custom rule with override optio…

…n' test
elastic · Sep 15, 2020 · 0b5afe1 · 0b5afe1
1 parent 5e3f5d5
commit 0b5afe1
Show file tree

Hide file tree

Showing 6 changed files with 60 additions and 10 deletions.
diff --git a/x-pack/plugins/security_solution/cypress/integration/alerts_detection_rules_custom.spec.ts b/x-pack/plugins/security_solution/cypress/integration/alerts_detection_rules_custom.spec.ts
@@ -8,6 +8,7 @@ import { newRule } from '../objects/rule';
 import {
   ALERT_RULE_METHOD,
   ALERT_RULE_NAME,
+  ALERT_RULE_RISK_SCORE,
   ALERT_RULE_SEVERITY,
   ALERT_RULE_VERSION,
   NUMBER_OF_ALERTS,
@@ -200,9 +201,7 @@ describe('Detection rules, custom', () => {
     cy.get(ALERT_RULE_VERSION).first().should('have.text', '1');
     cy.get(ALERT_RULE_METHOD).first().should('have.text', 'query');
     cy.get(ALERT_RULE_SEVERITY).first().should('have.text', newRule.severity.toLowerCase());
-    cy.get('[data-test-subj="draggable-content-signal.rule.risk_score"]')
-      .first()
-      .should('have.text', newRule.riskScore);
+    cy.get(ALERT_RULE_RISK_SCORE).first().should('have.text', newRule.riskScore);
   });
 });
 

diff --git a/x-pack/plugins/security_solution/cypress/integration/alerts_detection_rules_override.spec.ts b/x-pack/plugins/security_solution/cypress/integration/alerts_detection_rules_override.spec.ts
@@ -5,6 +5,14 @@
  */
 
 import { newOverrideRule } from '../objects/rule';
+import {
+  NUMBER_OF_ALERTS,
+  ALERT_RULE_NAME,
+  ALERT_RULE_VERSION,
+  ALERT_RULE_METHOD,
+  ALERT_RULE_SEVERITY,
+  ALERT_RULE_RISK_SCORE,
+} from '../screens/alerts';
 
 import {
   CUSTOM_RULES_BTN,
@@ -36,13 +44,14 @@ import {
   INVESTIGATION_NOTES_TOGGLE,
   RULE_ABOUT_DETAILS_HEADER_TOGGLE,
   RULE_NAME_HEADER,
-  SCHEDULE_LOOPBACK,
+  SCHEDULE_LOOKBACK,
   SCHEDULE_RUNS,
   SCHEDULE_STEP,
 } from '../screens/rule_details';
 
 import {
   goToManageAlertsDetectionRules,
+  sortRiskScore,
   waitForAlertsIndexToBeCreated,
   waitForAlertsPanelToBeLoaded,
 } from '../tasks/alerts';
@@ -58,9 +67,12 @@ import {
   createAndActivateRule,
   fillAboutRuleWithOverrideAndContinue,
   fillDefineCustomRuleWithImportedQueryAndContinue,
+  fillScheduleRuleAndContinue,
+  waitForTheRuleToBeExecuted,
 } from '../tasks/create_new_rule';
 import { esArchiverLoad, esArchiverUnload } from '../tasks/es_archiver';
 import { loginAndWaitForPageWithoutDateRange } from '../tasks/login';
+import { refreshPage } from '../tasks/security_header';
 
 import { DETECTIONS_URL } from '../urls/navigation';
 
@@ -82,8 +94,12 @@ describe('Detection rules, override', () => {
     goToCreateNewRule();
     fillDefineCustomRuleWithImportedQueryAndContinue(newOverrideRule);
     fillAboutRuleWithOverrideAndContinue(newOverrideRule);
+    fillScheduleRuleAndContinue(newOverrideRule);
     createAndActivateRule();
 
+    esArchiverLoad('auditbeat');
+    waitForTheRuleToBeExecuted(newOverrideRule);
+
     cy.get(CUSTOM_RULES_BTN).invoke('text').should('eql', 'Custom rules (1)');
 
     changeToThreeHundredRowsPerPage();
@@ -190,7 +206,29 @@ describe('Detection rules, override', () => {
       .should('eql', `${newOverrideRule.customQuery} `);
     cy.get(DEFINITION_STEP).eq(DEFINITION_TIMELINE).invoke('text').should('eql', 'None');
 
-    cy.get(SCHEDULE_STEP).eq(SCHEDULE_RUNS).invoke('text').should('eql', '5m');
-    cy.get(SCHEDULE_STEP).eq(SCHEDULE_LOOPBACK).invoke('text').should('eql', '1m');
+    cy.get(SCHEDULE_STEP)
+      .eq(SCHEDULE_RUNS)
+      .invoke('text')
+      .should('eql', `${newOverrideRule.runsEvery.interval}${newOverrideRule.runsEvery.type}`);
+    cy.get(SCHEDULE_STEP)
+      .eq(SCHEDULE_LOOKBACK)
+      .invoke('text')
+      .should('eql', `${newOverrideRule.lookBack.interval}${newOverrideRule.lookBack.type}`);
+
+    refreshPage();
+
+    cy.get(NUMBER_OF_ALERTS)
+      .invoke('text')
+      .then((numberOfAlertsText) => {
+        cy.wrap(parseInt(numberOfAlertsText, 10)).should('be.above', 0);
+      });
+    cy.get(ALERT_RULE_NAME).first().should('have.text', 'auditbeat');
+    cy.get(ALERT_RULE_VERSION).first().should('have.text', '1');
+    cy.get(ALERT_RULE_METHOD).first().should('have.text', 'query');
+    cy.get(ALERT_RULE_SEVERITY).first().should('have.text', 'critical');
+
+    sortRiskScore();
+
+    cy.get(ALERT_RULE_RISK_SCORE).first().should('have.text', '80');
   });
 });
diff --git a/x-pack/plugins/security_solution/cypress/objects/rule.ts b/x-pack/plugins/security_solution/cypress/objects/rule.ts
@@ -89,8 +89,8 @@ const severityOverride1: SeverityOverride = {
 };
 
 const severityOverride2: SeverityOverride = {
-  sourceField: 'agent.type',
-  sourceValue: 'endpoint',
+  sourceField: '@timestamp',
+  sourceValue: '10/02/2020',
 };
 
 const severityOverride3: SeverityOverride = {
@@ -99,8 +99,8 @@ const severityOverride3: SeverityOverride = {
 };
 
 const severityOverride4: SeverityOverride = {
-  sourceField: '@timestamp',
-  sourceValue: '10/02/2020',
+  sourceField: 'agent.type',
+  sourceValue: 'auditbeat',
 };
 
 const runsEvery: Interval = {

diff --git a/x-pack/plugins/security_solution/cypress/screens/alerts.ts b/x-pack/plugins/security_solution/cypress/screens/alerts.ts
@@ -10,6 +10,8 @@ export const ALERT_CHECKBOX = '[data-test-subj="select-event-container"] .euiChe
 
 export const ALERT_ID = '[data-test-subj="draggable-content-_id"]';
 
+export const ALERT_RISK_SCORE_HEADER = '[data-test-subj="header-text-signal.rule.risk_score"]';
+
 export const ALERT_RULE_METHOD = '[data-test-subj="draggable-content-signal.rule.type"]';
 
 export const ALERT_RULE_NAME = '[data-test-subj="draggable-content-signal.rule.name"]';

diff --git a/x-pack/plugins/security_solution/cypress/tasks/alerts.ts b/x-pack/plugins/security_solution/cypress/tasks/alerts.ts
@@ -22,8 +22,10 @@ import {
   OPEN_SELECTED_ALERTS_BTN,
   MARK_ALERT_IN_PROGRESS_BTN,
   MARK_SELECTED_ALERTS_IN_PROGRESS_BTN,
+  ALERT_RISK_SCORE_HEADER,
 } from '../screens/alerts';
 import { REFRESH_BUTTON } from '../screens/security_header';
+import { waitForThePageToBeUpdated } from './security_header';
 
 export const closeFirstAlert = () => {
   cy.get(TIMELINE_CONTEXT_MENU_BTN).first().click({ force: true });
@@ -81,6 +83,11 @@ export const selectNumberOfAlerts = (numberOfAlerts: number) => {
   }
 };
 
+export const sortRiskScore = () => {
+  cy.get(ALERT_RISK_SCORE_HEADER).click();
+  waitForThePageToBeUpdated();
+};
+
 export const investigateFirstAlertInTimeline = () => {
   cy.get(SEND_ALERT_TO_TIMELINE_BTN).first().click({ force: true });
 };

diff --git a/x-pack/plugins/security_solution/cypress/tasks/security_header.ts b/x-pack/plugins/security_solution/cypress/tasks/security_header.ts
@@ -21,3 +21,7 @@ export const navigateFromHeaderTo = (page: string) => {
 export const refreshPage = () => {
   cy.get(REFRESH_BUTTON).click({ force: true }).invoke('text').should('not.equal', 'Updating');
 };
+
+export const waitForThePageToBeUpdated = () => {
+  cy.get(REFRESH_BUTTON).should('not.equal', 'Updating');
+};