Skip to content

Commit

Permalink
Merge branch 'master' into remove-EuiOverlayMask
Browse files Browse the repository at this point in the history
  • Loading branch information
kibanamachine authored Mar 2, 2021
2 parents 2747322 + 3e026a3 commit e00a677
Show file tree
Hide file tree
Showing 9 changed files with 49 additions and 8 deletions.
2 changes: 1 addition & 1 deletion docs/user/alerting/alert-types.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ For domain-specific alerts, refer to the documentation for that app.
* {observability-guide}/create-alerts.html[Observability alerts]
* {security-guide}/prebuilt-rules.html[Security alerts]
* <<geo-alerting, Maps alerts>>
* <<xpack-ml, ML alerts>>
* {ml-docs}/ml-configuring-alerts.html[{ml-cap} alerts]

[NOTE]
==============================================
Expand Down
2 changes: 1 addition & 1 deletion docs/user/alerting/alerting-getting-started.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@

--

Alerting allows you to detect complex conditions within different {kib} apps and trigger actions when those conditions are met. Alerting is integrated with {observability-guide}/create-alerts.html[*Observability*], {security-guide}/prebuilt-rules.html[*Security*], <<geo-alerting,*Maps*>> and <<xpack-ml,*ML*>>, can be centrally managed from the <<management,*Management*>> UI, and provides a set of built-in <<action-types, actions>> and <<alert-types, alerts>> (known as stack alerts) for you to use.
Alerting allows you to detect complex conditions within different {kib} apps and trigger actions when those conditions are met. Alerting is integrated with {observability-guide}/create-alerts.html[*Observability*], {security-guide}/prebuilt-rules.html[*Security*], <<geo-alerting,*Maps*>> and {ml-docs}/ml-configuring-alerts.html[*{ml-app}*], can be centrally managed from the <<management,*Management*>> UI, and provides a set of built-in <<action-types, actions>> and <<alert-types, alerts>> (known as stack alerts) for you to use.

image::images/alerting-overview.png[Alerts and actions UI]

Expand Down
2 changes: 1 addition & 1 deletion docs/user/alerting/defining-alerts.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
[[defining-alerts]]
== Defining alerts

{kib} alerts can be created in a variety of apps including <<xpack-apm,*APM*>>, <<metrics-app,*Metrics*>>, <<xpack-siem,*Security*>>, <<uptime-app,*Uptime*>> and from <<management,*Management*>> UI. While alerting details may differ from app to app, they share a common interface for defining and configuring alerts that this section describes in more detail.
{kib} alerts can be created in a variety of apps including <<xpack-apm,*APM*>>, <<xpack-ml,*{ml-app}*>>, <<metrics-app,*Metrics*>>, <<xpack-siem,*Security*>>, <<uptime-app,*Uptime*>> and from <<management,*Management*>> UI. While alerting details may differ from app to app, they share a common interface for defining and configuring alerts that this section describes in more detail.

[float]
=== Alert flyout
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -108,6 +108,7 @@ import {
} from '../../tasks/create_new_rule';
import { saveEditedRule, waitForKibana } from '../../tasks/edit_rule';
import { loginAndWaitForPageWithoutDateRange } from '../../tasks/login';
import { activatesRule } from '../../tasks/rule_details';

import { DETECTIONS_URL } from '../../urls/navigation';

Expand Down Expand Up @@ -308,6 +309,21 @@ describe('Custom detection rules deletion and edition', () => {
reload();
});

it('Only modifies rule active status on enable/disable', () => {
activatesRule();

cy.intercept('GET', `/api/detection_engine/rules?id=`).as('fetchRuleDetails');

goToRuleDetails();

cy.wait('@fetchRuleDetails').then(({ response }) => {
cy.wrap(response!.statusCode).should('eql', 200);

cy.wrap(response!.body.max_signals).should('eql', existingRule.maxSignals);
cy.wrap(response!.body.enabled).should('eql', false);
});
});

it('Allows a rule to be edited', () => {
editFirstRule();
waitForKibana();
Expand Down Expand Up @@ -347,8 +363,17 @@ describe('Custom detection rules deletion and edition', () => {
goToAboutStepTab();
cy.get(TAGS_CLEAR_BUTTON).click({ force: true });
fillAboutRule(editedRule);

cy.intercept('GET', '/api/detection_engine/rules?id').as('getRule');

saveEditedRule();

cy.wait('@getRule').then(({ response }) => {
cy.wrap(response!.statusCode).should('eql', 200);
// ensure that editing rule does not modify max_signals
cy.wrap(response!.body.max_signals).should('eql', existingRule.maxSignals);
});

cy.get(RULE_NAME_HEADER).should('have.text', `${editedRule.name}`);
cy.get(ABOUT_RULE_DESCRIPTION).should('have.text', editedRule.description);
cy.get(ABOUT_DETAILS).within(() => {
Expand Down
10 changes: 10 additions & 0 deletions x-pack/plugins/security_solution/cypress/objects/rule.ts
Original file line number Diff line number Diff line change
Expand Up @@ -54,6 +54,7 @@ export interface CustomRule {
runsEvery: Interval;
lookBack: Interval;
timeline: CompleteTimeline;
maxSignals: number;
}

export interface ThresholdRule extends CustomRule {
Expand Down Expand Up @@ -174,6 +175,7 @@ export const newRule: CustomRule = {
runsEvery,
lookBack,
timeline,
maxSignals: 100,
};

export const existingRule: CustomRule = {
Expand All @@ -192,6 +194,9 @@ export const existingRule: CustomRule = {
runsEvery,
lookBack,
timeline,
// Please do not change, or if you do, needs
// to be any number other than default value
maxSignals: 500,
};

export const newOverrideRule: OverrideRule = {
Expand All @@ -213,6 +218,7 @@ export const newOverrideRule: OverrideRule = {
runsEvery,
lookBack,
timeline,
maxSignals: 100,
};

export const newThresholdRule: ThresholdRule = {
Expand All @@ -232,6 +238,7 @@ export const newThresholdRule: ThresholdRule = {
runsEvery,
lookBack,
timeline,
maxSignals: 100,
};

export const machineLearningRule: MachineLearningRule = {
Expand Down Expand Up @@ -265,6 +272,7 @@ export const eqlRule: CustomRule = {
runsEvery,
lookBack,
timeline,
maxSignals: 100,
};

export const eqlSequenceRule: CustomRule = {
Expand All @@ -285,6 +293,7 @@ export const eqlSequenceRule: CustomRule = {
runsEvery,
lookBack,
timeline,
maxSignals: 100,
};

export const newThreatIndicatorRule: ThreatIndicatorRule = {
Expand All @@ -304,6 +313,7 @@ export const newThreatIndicatorRule: ThreatIndicatorRule = {
indicatorMapping: 'agent.id',
indicatorIndexField: 'agent.threat',
timeline,
maxSignals: 100,
};

export const severitiesOverride = ['Low', 'Medium', 'High', 'Critical'];
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -85,6 +85,7 @@ export const createCustomRuleActivated = (rule: CustomRule, ruleId = '1') =>
language: 'kuery',
enabled: true,
tags: ['rule1'],
max_signals: 500,
},
headers: { 'kbn-xsrf': 'cypress-creds' },
failOnStatusCode: false,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -34,11 +34,6 @@ export const activatesRule = () => {
});
};

export const deactivatesRule = () => {
cy.get(RULE_SWITCH).should('be.visible');
cy.get(RULE_SWITCH).click();
};

export const addsException = (exception: Exception) => {
cy.get(LOADING_SPINNER).should('exist');
cy.get(LOADING_SPINNER).should('not.exist');
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -251,6 +251,7 @@ const EditRulePageComponent: FC = () => {
rule
),
...(ruleId ? { id: ruleId } : {}),
...(rule != null ? { max_signals: rule.max_signals } : {}),
});
}
}, [
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
{
"name": "Query With Max Signals",
"description": "Simplest query with max signals set to something other than default",
"risk_score": 1,
"severity": "high",
"type": "query",
"query": "user.name: root or user.name: admin",
"max_signals": 500
}

0 comments on commit e00a677

Please sign in to comment.