diff --git a/x-pack/plugins/security_solution/cypress/integration/detection_alerts/cti_enrichments.spec.ts b/x-pack/plugins/security_solution/cypress/integration/detection_alerts/cti_enrichments.spec.ts index 0e87378f4ef96..0e4dbc9a95f9c 100644 --- a/x-pack/plugins/security_solution/cypress/integration/detection_alerts/cti_enrichments.spec.ts +++ b/x-pack/plugins/security_solution/cypress/integration/detection_alerts/cti_enrichments.spec.ts @@ -75,7 +75,9 @@ describe('CTI Enrichment', () => { it('Displays persisted enrichments on the JSON view', () => { const expectedEnrichment = [ { - feed: {}, + feed: { + name: 'AbuseCH malware', + }, indicator: { first_seen: '2021-03-10T08:02:14.000Z', file: { @@ -113,6 +115,7 @@ describe('CTI Enrichment', () => { it('Displays threat indicator details on the threat intel tab', () => { const expectedThreatIndicatorData = [ + { field: 'feed.name', value: 'AbuseCH malware' }, { field: 'indicator.file.hash.md5', value: '9b6c3518a91d23ed77504b5416bfb5b3' }, { field: 'indicator.file.hash.sha256', @@ -173,6 +176,7 @@ describe('CTI Enrichment', () => { const indicatorMatchRuleEnrichment = { field: 'myhash.mysha256', value: 'a04ac6d98ad989312783d4fe3456c53730b212c79a426fb215708b6c6daa3de3', + feedName: 'AbuseCH malware', }; const investigationTimeEnrichment = { field: 'source.ip', @@ -188,7 +192,7 @@ describe('CTI Enrichment', () => { .should('exist') .should( 'have.text', - `${indicatorMatchRuleEnrichment.field} ${indicatorMatchRuleEnrichment.value}` + `${indicatorMatchRuleEnrichment.field} ${indicatorMatchRuleEnrichment.value} from ${indicatorMatchRuleEnrichment.feedName}` ); cy.get(`${INVESTIGATION_TIME_ENRICHMENT_SECTION} ${THREAT_DETAILS_ACCORDION}`)