updates tests

x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/model/rule_assets/prebuilt_rule_asset.mock.ts

@@ -18,6 +18,7 @@ export const getPrebuiltRuleMock = (rewrites?: Partial<PrebuiltRuleAsset>): Preb
     language: 'kuery',
     rule_id: 'rule-1',
     version: 1,
+    author: [],
     ...rewrites,
   } as PrebuiltRuleAsset);
 
@@ -51,6 +52,7 @@ export const getPrebuiltThreatMatchRuleMock = (): PrebuiltRuleAsset => ({
   language: 'kuery',
   rule_id: 'rule-1',
   version: 1,
+  author: [],
   threat_query: '*:*',
   threat_index: ['list-index'],
   threat_mapping: [

x-pack/test/security_solution_api_integration/test_suites/detections_response/telemetry/trial_license_complete_tier/usage_collector/detection_rules.ts

@@ -31,6 +31,7 @@ import {
   getRuleSavedObjectWithLegacyInvestigationFields,
   getRuleSavedObjectWithLegacyInvestigationFieldsEmptyArray,
   createRuleThroughAlertingEndpoint,
+  getCustomQueryRuleParams,
 } from '../../../utils';
 import {
   createRule,
@@ -1140,7 +1141,7 @@ export default ({ getService }: FtrProviderContext) => {
         await installMockPrebuiltRules(supertest, es);
         const immutableRule = await fetchRule(supertest, { ruleId: ELASTIC_SECURITY_RULE_ID });
         const hookAction = await createWebHookRuleAction(supertest);
-        const newRuleToUpdate = getSimpleRule(immutableRule.rule_id);
+        const newRuleToUpdate = getCustomQueryRuleParams({ rule_id: immutableRule.rule_id });
         const ruleToUpdate = getRuleWithWebHookAction(hookAction.id, false, newRuleToUpdate);
         await updateRule(supertest, ruleToUpdate);
 
@@ -1161,7 +1162,7 @@ export default ({ getService }: FtrProviderContext) => {
             ...omittedFields
           } = foundRule;
           expect(omittedFields).to.eql({
-            rule_name: 'Simple Rule Query',
+            rule_name: 'Custom query rule',
             rule_type: 'query',
             enabled: false,
             elastic_rule: true,
@@ -1197,7 +1198,7 @@ export default ({ getService }: FtrProviderContext) => {
         await installMockPrebuiltRules(supertest, es);
         const immutableRule = await fetchRule(supertest, { ruleId: ELASTIC_SECURITY_RULE_ID });
         const hookAction = await createWebHookRuleAction(supertest);
-        const newRuleToUpdate = getSimpleRule(immutableRule.rule_id);
+        const newRuleToUpdate = getCustomQueryRuleParams({ rule_id: immutableRule.rule_id });
         const ruleToUpdate = getRuleWithWebHookAction(hookAction.id, true, newRuleToUpdate);
         await updateRule(supertest, ruleToUpdate);
 
@@ -1218,7 +1219,7 @@ export default ({ getService }: FtrProviderContext) => {
             ...omittedFields
           } = foundRule;
           expect(omittedFields).to.eql({
-            rule_name: 'Simple Rule Query',
+            rule_name: 'Custom query rule',
             rule_type: 'query',
             enabled: true,
             elastic_rule: true,
@@ -1254,7 +1255,7 @@ export default ({ getService }: FtrProviderContext) => {
         await installMockPrebuiltRules(supertest, es);
         const immutableRule = await fetchRule(supertest, { ruleId: ELASTIC_SECURITY_RULE_ID });
         const hookAction = await createWebHookRuleAction(supertest);
-        const newRuleToUpdate = getSimpleRule(immutableRule.rule_id, false);
+        const newRuleToUpdate = getCustomQueryRuleParams({ rule_id: immutableRule.rule_id });
         await updateRule(supertest, newRuleToUpdate);
         await createLegacyRuleAction(supertest, immutableRule.id, hookAction.id);
 
@@ -1275,7 +1276,7 @@ export default ({ getService }: FtrProviderContext) => {
             ...omittedFields
           } = foundRule;
           expect(omittedFields).to.eql({
-            rule_name: 'Simple Rule Query',
+            rule_name: 'Custom query rule',
             rule_type: 'query',
             enabled: false,
             elastic_rule: true,
@@ -1311,7 +1312,10 @@ export default ({ getService }: FtrProviderContext) => {
         await installMockPrebuiltRules(supertest, es);
         const immutableRule = await fetchRule(supertest, { ruleId: ELASTIC_SECURITY_RULE_ID });
         const hookAction = await createWebHookRuleAction(supertest);
-        const newRuleToUpdate = getSimpleRule(immutableRule.rule_id, true);
+        const newRuleToUpdate = getCustomQueryRuleParams({
+          rule_id: immutableRule.rule_id,
+          enabled: true,
+        });
         await updateRule(supertest, newRuleToUpdate);
         await createLegacyRuleAction(supertest, immutableRule.id, hookAction.id);
 
@@ -1332,7 +1336,7 @@ export default ({ getService }: FtrProviderContext) => {
             ...omittedFields
           } = foundRule;
           expect(omittedFields).to.eql({
-            rule_name: 'Simple Rule Query',
+            rule_name: 'Custom query rule',
             rule_type: 'query',
             enabled: true,
             elastic_rule: true,

x-pack/test/security_solution_api_integration/test_suites/detections_response/telemetry/trial_license_complete_tier/usage_collector/detection_rules_legacy_action.ts

@@ -21,13 +21,13 @@ import {
   fetchRule,
   getRuleWithWebHookAction,
   getSimpleMlRule,
-  getSimpleRule,
   getSimpleThreatMatch,
   getStats,
   getThresholdRuleForAlertTesting,
   installMockPrebuiltRules,
   updateRule,
   deleteAllEventLogExecutionEvents,
+  getCustomQueryRuleParams,
 } from '../../../utils';
 import {
   createRule,
@@ -408,7 +408,7 @@ export default ({ getService }: FtrProviderContext) => {
         await installMockPrebuiltRules(supertest, es);
         const immutableRule = await fetchRule(supertest, { ruleId: ELASTIC_SECURITY_RULE_ID });
         const hookAction = await createWebHookRuleAction(supertest);
-        const newRuleToUpdate = getSimpleRule(immutableRule.rule_id, false);
+        const newRuleToUpdate = getCustomQueryRuleParams({ rule_id: immutableRule.rule_id });
         await updateRule(supertest, newRuleToUpdate);
         await createLegacyRuleAction(supertest, immutableRule.id, hookAction.id);
 
@@ -429,7 +429,7 @@ export default ({ getService }: FtrProviderContext) => {
             ...omittedFields
           } = foundRule;
           expect(omittedFields).to.eql({
-            rule_name: 'Simple Rule Query',
+            rule_name: 'Custom query rule',
             rule_type: 'query',
             enabled: false,
             elastic_rule: true,
@@ -465,7 +465,10 @@ export default ({ getService }: FtrProviderContext) => {
         await installMockPrebuiltRules(supertest, es);
         const immutableRule = await fetchRule(supertest, { ruleId: ELASTIC_SECURITY_RULE_ID });
         const hookAction = await createWebHookRuleAction(supertest);
-        const newRuleToUpdate = getSimpleRule(immutableRule.rule_id, true);
+        const newRuleToUpdate = getCustomQueryRuleParams({
+          rule_id: immutableRule.rule_id,
+          enabled: true,
+        });
         await updateRule(supertest, newRuleToUpdate);
         await createLegacyRuleAction(supertest, immutableRule.id, hookAction.id);
 
@@ -486,7 +489,7 @@ export default ({ getService }: FtrProviderContext) => {
             ...omittedFields
           } = foundRule;
           expect(omittedFields).to.eql({
-            rule_name: 'Simple Rule Query',
+            rule_name: 'Custom query rule',
             rule_type: 'query',
             enabled: true,
             elastic_rule: true,