From 9fb16d54c520392b933846e902a7afd9520a8a87 Mon Sep 17 00:00:00 2001 From: Gloria Hornero Date: Wed, 13 Oct 2021 15:28:36 +0200 Subject: [PATCH] [Security Solution] [Detections] Improves custom query rule upgrade test (#114454) * improves upgrade test * fixes type check issues Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> --- .../cypress/screens/alerts_detection_rules.ts | 4 + .../security_solution/cypress/tasks/common.ts | 6 + .../custom_query_rule.spec.ts | 149 +++++++++++++++--- x-pack/plugins/security_solution/package.json | 1 + 4 files changed, 142 insertions(+), 18 deletions(-)
diff --git a/x-pack/plugins/security_solution/cypress/screens/alerts_detection_rules.ts b/x-pack/plugins/security_solution/cypress/screens/alerts_detection_rules.ts
index e4e6a5610fdbe..315796a715cd3 100644
--- a/x-pack/plugins/security_solution/cypress/screens/alerts_detection_rules.ts
+++ b/x-pack/plugins/security_solution/cypress/screens/alerts_detection_rules.ts
@@ -103,3 +103,7 @@ export const RULES_DELETE_CONFIRMATION_MODAL = '[data-test-subj="allRulesDeleteC
 export const MODAL_CONFIRMATION_BTN = '[data-test-subj="confirmModalConfirmButton"]';
 export const RULE_DETAILS_DELETE_BTN = '[data-test-subj="rules-details-delete-rule"]';
+
+export const ALERT_DETAILS_CELLS = '[data-test-subj="dataGridRowCell"]';
+
+export const SERVER_SIDE_EVENT_COUNT = '[data-test-subj="server-side-event-count"]';
diff --git a/x-pack/plugins/security_solution/cypress/tasks/common.ts b/x-pack/plugins/security_solution/cypress/tasks/common.ts
index d726d5daa5cbc..d247b787576b0 100644
--- a/x-pack/plugins/security_solution/cypress/tasks/common.ts
+++ b/x-pack/plugins/security_solution/cypress/tasks/common.ts
@@ -7,6 +7,7 @@
 import { esArchiverResetKibana } from './es_archiver';
 import { RuleEcs } from '../../common/ecs/rule';
+import { LOADING_INDICATOR } from '../screens/security_header';
 const primaryButton = 0;
@@ -155,3 +156,8 @@ export const deleteCases = () => {
 };
 export const scrollToBottom = () => cy.scrollTo('bottom');
+
+export const waitForPageToBeLoaded = () => {
+ cy.get(LOADING_INDICATOR).should('exist');
+ cy.get(LOADING_INDICATOR).should('not.exist');
+};
diff --git a/x-pack/plugins/security_solution/cypress/upgrade_integration/custom_query_rule.spec.ts b/x-pack/plugins/security_solution/cypress/upgrade_integration/custom_query_rule.spec.ts
index 2718c0735a671..1af7a3f9bed03 100644
--- a/x-pack/plugins/security_solution/cypress/upgrade_integration/custom_query_rule.spec.ts
+++ b/x-pack/plugins/security_solution/cypress/upgrade_integration/custom_query_rule.spec.ts
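Review bot: `waitForPageToBeLoaded` asserts `cy.get(LOADING_INDICATOR).should('exist')` before asserting that the indicator is gone, so it races the page: if the indicator is rendered and removed before the first query resolves, or is never shown, the helper times out even though the page loaded. A flaky helper in the upgrade suite tends to get the spec skipped, which removes the regression check on the detection rule. At minimum the precondition should be documented on the helper, e.g. `// Must be called right after navigation, while LOADING_INDICATOR is still rendered.`, and callers would be more robust waiting on the element they actually need (the spec already does this with `waitForRulesTableToBeLoaded`).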
@@ -5,25 +5,138 @@
 * 2.0.
 */
-import { RULE_NAME } from '../screens/alerts_detection_rules';
-
+import { ALERT_DETAILS_CELLS, SERVER_SIDE_EVENT_COUNT } from '../screens/alerts_detection_rules';
 import {
- goToManageAlertsDetectionRules,
- waitForAlertsIndexToBeCreated,
- waitForAlertsPanelToBeLoaded,
-} from '../tasks/alerts';
-import { waitForRulesTableToBeLoaded } from '../tasks/alerts_detection_rules';
-import { loginAndWaitForPageWithoutDateRange } from '../tasks/login';
-
-import { ALERTS_URL } from '../urls/navigation';
-
-describe('After an upgrade, the cusom query rule', () => {
- it('Displays the rule', function () {
- loginAndWaitForPageWithoutDateRange(ALERTS_URL);
- waitForAlertsPanelToBeLoaded();
- waitForAlertsIndexToBeCreated();
- goToManageAlertsDetectionRules();
+ ADDITIONAL_LOOK_BACK_DETAILS,
+ ABOUT_DETAILS,
+ ABOUT_RULE_DESCRIPTION,
+ CUSTOM_QUERY_DETAILS,
+ DEFINITION_DETAILS,
+ getDetails,
+ INDEX_PATTERNS_DETAILS,
+ RISK_SCORE_DETAILS,
+ RULE_NAME_HEADER,
+ RULE_TYPE_DETAILS,
+ RUNS_EVERY_DETAILS,
+ SCHEDULE_DETAILS,
+ SEVERITY_DETAILS,
+ TIMELINE_TEMPLATE_DETAILS,
+} from '../screens/rule_details';
+
+import { waitForPageToBeLoaded } from '../tasks/common';
+import { waitForRulesTableToBeLoaded, goToRuleDetails } from '../tasks/alerts_detection_rules';
+import { loginAndWaitForPage } from '../tasks/login';
+
+import { DETECTIONS_RULE_MANAGEMENT_URL } from '../urls/navigation';
+
+const EXPECTED_NUMBER_OF_ALERTS = '1';
+
+const alert = {
+ rule: 'Custom query rule for upgrade',
+ severity: 'low',
+ riskScore: '7',
+ reason:
+ 'file event with process test, file The file to test, by Security Solution on security-solution.local created low alert Custom query rule for upgrade.',
+ hostName: 'security-solution.local',
+ username: 'test',
+ processName: 'The file to test',
+ fileName: 'The file to test',
+ sourceIp: '127.0.0.1',
+ destinationIp: '127.0.0.2',
+};
+
+const rule = {
+ customQuery: '*:*',
+ name: 'Custom query rule for upgrade',
+ description: 'My description',
+ index: ['auditbeat-*'],
+ severity: 'Low',
+ riskScore: '7',
+ timelineTemplate: 'none',
+ runsEvery: '10s',
+ lookBack: '179999990s',
+ timeline: 'None',
+};
+
+describe('After an upgrade, the custom query rule', () => {
+ before(() => {
+ loginAndWaitForPage(DETECTIONS_RULE_MANAGEMENT_URL);
 waitForRulesTableToBeLoaded();
- cy.get(RULE_NAME).should('have.text', 'Custom query rule for upgrade');
+ goToRuleDetails();
+ waitForPageToBeLoaded();
+ });
+
+ it('Has the expected alerts number', () => {
+ cy.get(SERVER_SIDE_EVENT_COUNT).contains(EXPECTED_NUMBER_OF_ALERTS);
+ });
+
+ it('Displays the rule details', () => {
+ cy.get(RULE_NAME_HEADER).should('contain', `${rule.name}`);
+ cy.get(ABOUT_RULE_DESCRIPTION).should('have.text', rule.description);
+ cy.get(ABOUT_DETAILS).within(() => {
+ getDetails(SEVERITY_DETAILS).should('have.text', rule.severity);
+ getDetails(RISK_SCORE_DETAILS).should('have.text', rule.riskScore);
+ });
+ cy.get(DEFINITION_DETAILS).within(() => {
+ getDetails(INDEX_PATTERNS_DETAILS).should('have.text', rule.index.join(''));
+ getDetails(CUSTOM_QUERY_DETAILS).should('have.text', rule.customQuery);
+ getDetails(RULE_TYPE_DETAILS).should('have.text', 'Query');
+ getDetails(TIMELINE_TEMPLATE_DETAILS).should('have.text', rule.timeline);
+ });
+ cy.get(SCHEDULE_DETAILS).within(() => {
+ getDetails(RUNS_EVERY_DETAILS).should('have.text', rule.runsEvery);
+ getDetails(ADDITIONAL_LOOK_BACK_DETAILS).should('have.text', rule.lookBack);
+ });
+ });
+
+ it('Displays the alert details', () => {
+ cy.get(ALERT_DETAILS_CELLS).first().focus();
+ cy.get(ALERT_DETAILS_CELLS).first().type('{rightarrow}');
+ cy.get(ALERT_DETAILS_CELLS)
+ .contains(alert.rule)
+ .then(($el) => {
+ cy.wrap($el).type('{rightarrow}');
+ });
+ cy.get(ALERT_DETAILS_CELLS)
+ .contains(alert.severity)
+ .then(($el) => {
+ cy.wrap($el).type('{rightarrow}');
+ });
+ cy.get(ALERT_DETAILS_CELLS)
+ .contains(alert.riskScore)
+ .then(($el) => {
+ cy.wrap($el).type('{rightarrow}');
+ });
+ cy.get(ALERT_DETAILS_CELLS)
+ .contains(alert.reason)
+ .then(($el) => {
+ cy.wrap($el).type('{rightarrow}');
+ });
+ cy.get(ALERT_DETAILS_CELLS)
+ .contains(alert.hostName)
+ .then(($el) => {
+ cy.wrap($el).type('{rightarrow}');
+ });
+ cy.get(ALERT_DETAILS_CELLS)
+ .contains(alert.username)
+ .then(($el) => {
+ cy.wrap($el).type('{rightarrow}');
+ });
+ cy.get(ALERT_DETAILS_CELLS)
+ .contains(alert.processName)
+ .then(($el) => {
+ cy.wrap($el).type('{rightarrow}');
+ });
+ cy.get(ALERT_DETAILS_CELLS)
+ .contains(alert.fileName)
+ .then(($el) => {
+ cy.wrap($el).type('{rightarrow}');
+ });
+ cy.get(ALERT_DETAILS_CELLS)
+ .contains(alert.sourceIp)
+ .then(($el) => {
+ cy.wrap($el).type('{rightarrow}');
+ });
+ cy.get(ALERT_DETAILS_CELLS).contains(alert.destinationIp);
 });
 });
diff --git a/x-pack/plugins/security_solution/package.json b/x-pack/plugins/security_solution/package.json
index 6aa45a02419ba..371ac66004f48 100644
--- a/x-pack/plugins/security_solution/package.json
+++ b/x-pack/plugins/security_solution/package.json
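Review bot: The alert-count check `cy.get(SERVER_SIDE_EVENT_COUNT).contains(EXPECTED_NUMBER_OF_ALERTS)` is a substring match, so with `'1'` it still passes if the upgraded rule produced 10, 21 or 100 alerts, which is the duplicate-alert regression an upgrade spec should catch. The same looseness affects 'Displays the alert details', where `.contains(alert.riskScore)` (`'7'`) and `.contains(alert.username)` (`'test'`, also a substring of `'The file to test'`) search across all `ALERT_DETAILS_CELLS` and can match an unrelated cell. Anchoring the count would close the first gap, for example `cy.get(SERVER_SIDE_EVENT_COUNT).invoke('text').should('match', /^1\b/);`; the element's full text is not visible in this hunk, so the pattern may need adjusting. For the cells, asserting per column rather than by free-text search would make each expectation bind to the field it names.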
@@ -11,6 +11,7 @@
 "cypress:open": "yarn cypress open --config-file ./cypress/cypress.json",
 "cypress:open:ccs": "yarn cypress:open --config integrationFolder=./cypress/ccs_integration",
 "cypress:open-as-ci": "node ../../../scripts/functional_tests --config ../../test/security_solution_cypress/visual_config.ts",
+ "cypress:open:upgrade": "yarn cypress:open --config integrationFolder=./cypress/upgrade_integration",
 "cypress:run": "yarn cypress:run:reporter --browser chrome --spec './cypress/integration/**/*.spec.ts'; status=$?; yarn junit:merge && exit $status",
 "cypress:run:firefox": "yarn cypress:run:reporter --browser firefox --spec './cypress/integration/**/*.spec.ts'; status=$?; yarn junit:merge && exit $status",
 "cypress:run:reporter": "yarn cypress run --config-file ./cypress/cypress.json --reporter ../../../node_modules/cypress-multi-reporters --reporter-options configFile=./cypress/reporter_config.json",