* improves 'Creates and activates a new custom rule' test * fixes constant problem * improves 'Creates and activates a new custom rule with override option' test * improves 'Creates and activates a new threshold rule' test * refactor * fixes type check issue * improves assertions * removes unused code * changes variables for constants * improves 'waitForTheRuleToBeExecuted' test * improves readability * fixes jenkins error * refactor * blah * more things * finishes 'Creates an exception from rule details and deletes the exception' implementation * implements 'Creates an exception from an alert and deletes the exception' * updates VALUES_INPUT locator * updates archiver * refactor * improves the code * fixes CI error * renames exceptions archive * refactor * fixes merge issue * fixes CI issue * debug * refactor * improves test data * removes signals index after the execution * removes unused line * removes unused variable * refactors 'numberOfauditbeatExceptionsAlerts' constant to camel case * simplifies the archive * waits for the rule to be executed after navigating to opened alerts tab * cleaning data * fixes tests flakiness * cleans test data * refactors code * removes unused archives * cleans data * simplifies data * fixes CI issue Co-authored-by: Elastic Machine <[email protected]> Co-authored-by: Kibana Machine <[email protected]> Co-authored-by: Elastic Machine <[email protected]> Co-authored-by: Kibana Machine <[email protected]>
1 parent
dec83f2
commit ffe6614
Showing
16 changed files
with
7,572 additions
and
27 deletions.
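--- a/x-pack/plugins/security_solution/cypress/integration/alerts_detection_exceptions.spec.ts
+++ b/x-pack/plugins/security_solution/cypress/integration/alerts_detection_exceptions.spec.ts
@@ -0,0 +1,178 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+import { exception } from '../objects/exception';
+import { newRule } from '../objects/rule';
+
+import { RULE_STATUS } from '../screens/create_new_rule';
+import { SERVER_SIDE_EVENT_COUNT } from '../screens/timeline';
+
+import {
+  addExceptionFromFirstAlert,
+  goToClosedAlerts,
+  goToManageAlertsDetectionRules,
+  goToOpenedAlerts,
+  waitForAlertsIndexToBeCreated,
+} from '../tasks/alerts';
+import { createCustomRule, deleteCustomRule, removeSignalsIndex } from '../tasks/api_calls';
+import { goToRuleDetails } from '../tasks/alerts_detection_rules';
+import { waitForAlertsToPopulate } from '../tasks/create_new_rule';
+import { esArchiverLoad, esArchiverUnload } from '../tasks/es_archiver';
+import { loginAndWaitForPageWithoutDateRange } from '../tasks/login';
+import {
+  activatesRule,
+  addsException,
+  addsExceptionFromRuleSettings,
+  goToAlertsTab,
+  goToExceptionsTab,
+  removeException,
+  waitForTheRuleToBeExecuted,
+} from '../tasks/rule_details';
+import { refreshPage } from '../tasks/security_header';
+
+import { DETECTIONS_URL } from '../urls/navigation';
+
+const NUMBER_OF_AUDITBEAT_EXCEPTIONS_ALERTS = 1;
+
+describe('Exceptions', () => {
+  beforeEach(() => {
+    loginAndWaitForPageWithoutDateRange(DETECTIONS_URL);
+    waitForAlertsIndexToBeCreated();
+    createCustomRule(newRule);
+    goToManageAlertsDetectionRules();
+    goToRuleDetails();
+
+    cy.get(RULE_STATUS).should('have.text', '—');
+
+    esArchiverLoad('auditbeat_for_exceptions');
+    activatesRule();
+    waitForTheRuleToBeExecuted();
+    waitForAlertsToPopulate();
+    refreshPage();
+
+    cy.get(SERVER_SIDE_EVENT_COUNT)
+      .invoke('text')
+      .then((numberOfInitialAlertsText) => {
+        cy.wrap(parseInt(numberOfInitialAlertsText, 10)).should(
+          'eql',
+          NUMBER_OF_AUDITBEAT_EXCEPTIONS_ALERTS
+        );
+      });
+  });
+
+  afterEach(() => {
+    esArchiverUnload('auditbeat_for_exceptions');
+    esArchiverUnload('auditbeat_for_exceptions2');
+    removeSignalsIndex();
+    deleteCustomRule();
+  });
+  context('From rule', () => {
+    it('Creates an exception and deletes it', () => {
+      goToExceptionsTab();
+      addsExceptionFromRuleSettings(exception);
+      esArchiverLoad('auditbeat_for_exceptions2');
+      waitForTheRuleToBeExecuted();
+      goToAlertsTab();
+      refreshPage();
+
+      cy.get(SERVER_SIDE_EVENT_COUNT)
+        .invoke('text')
+        .then((numberOfAlertsAfterCreatingExceptionText) => {
+          cy.wrap(parseInt(numberOfAlertsAfterCreatingExceptionText, 10)).should('eql', 0);
+        });
+
+      goToClosedAlerts();
+      refreshPage();
+
+      cy.get(SERVER_SIDE_EVENT_COUNT)
+        .invoke('text')
+        .then((numberOfClosedAlertsAfterCreatingExceptionText) => {
+          cy.wrap(parseInt(numberOfClosedAlertsAfterCreatingExceptionText, 10)).should(
+            'eql',
+            NUMBER_OF_AUDITBEAT_EXCEPTIONS_ALERTS
+          );
+        });
+
+      goToOpenedAlerts();
+      waitForTheRuleToBeExecuted();
+      refreshPage();
+
+      cy.get(SERVER_SIDE_EVENT_COUNT)
+        .invoke('text')
+        .then((numberOfOpenedAlertsAfterCreatingExceptionText) => {
+          cy.wrap(parseInt(numberOfOpenedAlertsAfterCreatingExceptionText, 10)).should('eql', 0);
+        });
+
+      goToExceptionsTab();
+      removeException();
+      refreshPage();
+      goToAlertsTab();
+      waitForTheRuleToBeExecuted();
+      waitForAlertsToPopulate();
+      refreshPage();
+
+      cy.get(SERVER_SIDE_EVENT_COUNT)
+        .invoke('text')
+        .then((numberOfAlertsAfterRemovingExceptionsText) => {
+          cy.wrap(parseInt(numberOfAlertsAfterRemovingExceptionsText, 10)).should(
+            'eql',
+            NUMBER_OF_AUDITBEAT_EXCEPTIONS_ALERTS
+          );
+        });
+    });
+  });
+
+  context('From alert', () => {
+    it('Creates an exception and deletes it', () => {
+      addExceptionFromFirstAlert();
+      addsException(exception);
+      esArchiverLoad('auditbeat_for_exceptions2');
+
+      cy.get(SERVER_SIDE_EVENT_COUNT)
+        .invoke('text')
+        .then((numberOfAlertsAfterCreatingExceptionText) => {
+          cy.wrap(parseInt(numberOfAlertsAfterCreatingExceptionText, 10)).should('eql', 0);
+        });
+
+      goToClosedAlerts();
+      refreshPage();
+
+      cy.get(SERVER_SIDE_EVENT_COUNT)
+        .invoke('text')
+        .then((numberOfClosedAlertsAfterCreatingExceptionText) => {
+          cy.wrap(parseInt(numberOfClosedAlertsAfterCreatingExceptionText, 10)).should(
+            'eql',
+            NUMBER_OF_AUDITBEAT_EXCEPTIONS_ALERTS
+          );
+        });
+
+      goToOpenedAlerts();
+      waitForTheRuleToBeExecuted();
+      refreshPage();
+
+      cy.get(SERVER_SIDE_EVENT_COUNT)
+        .invoke('text')
+        .then((numberOfOpenedAlertsAfterCreatingExceptionText) => {
+          cy.wrap(parseInt(numberOfOpenedAlertsAfterCreatingExceptionText, 10)).should('eql', 0);
+        });
+
+      goToExceptionsTab();
+      removeException();
+      goToAlertsTab();
+      waitForTheRuleToBeExecuted();
+      waitForAlertsToPopulate();
+      refreshPage();
+
+      cy.get(SERVER_SIDE_EVENT_COUNT)
+        .invoke('text')
+        .then((numberOfAlertsAfterRemovingExceptionsText) => {
+          cy.wrap(parseInt(numberOfAlertsAfterRemovingExceptionsText, 10)).should(
+            'eql',
+            NUMBER_OF_AUDITBEAT_EXCEPTIONS_ALERTS
+          );
+        });
+    });
+  });
+});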
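Review bot: In the 'From alert' context the first count assertion runs immediately after `esArchiverLoad('auditbeat_for_exceptions2')`, with no `waitForTheRuleToBeExecuted()` or `refreshPage()` in between, whereas the 'From rule' context does both before asserting; so the expected 0 there appears to be satisfied by the alerts table still showing its pre-load state (the alert was just closed by the exception flyout), not by the rule having run over the new events and skipped them. Mirror the other context and insert `waitForTheRuleToBeExecuted();` followed by `refreshPage();` right after the archive load, so that assertion actually exercises the exception rather than the timing. The repeated `refreshPage()` calls read as noise to a newcomer; a one-line comment on the first one, such as `// force the alerts table to re-query the signals index before reading the count`, would explain why they are there, assuming that is indeed what the helper does.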
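--- a/x-pack/plugins/security_solution/cypress/objects/exception.ts
+++ b/x-pack/plugins/security_solution/cypress/objects/exception.ts
@@ -0,0 +1,17 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+export interface Exception {
+  field: string;
+  operator: string;
+  values: string[];
+}
+
+export const exception: Exception = {
+  field: 'host.name',
+  operator: 'is',
+  values: ['suricata-iowa'],
+};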
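Review bot: `exception` is an exported mutable fixture that every spec importing it shares, and `values` is a plain `string[]`, so one test that pushes into or reassigns the array silently changes what a later test types into the flyout. Declaring the fields `readonly` (`readonly values: readonly string[];` on the interface, and `export const exception: Readonly<Exception> = { ... }`) makes such mutation a compile error at no cost to the callers shown here, which only read it. `operator` is typed as a bare `string` although it is presumably fed to the operator combobox by label; narrowing it to the literal labels the UI accepts (at least `'is'`) would turn a typo into a type error instead of a timed-out `cy.get`. A short TSDoc on `Exception` noting that the three fields map to the field, operator and value inputs of the add-exception flyout would also help readers of the spec.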
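--- a/x-pack/plugins/security_solution/cypress/screens/exceptions.ts
+++ b/x-pack/plugins/security_solution/cypress/screens/exceptions.ts
@@ -0,0 +1,24 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+export const ADD_EXCEPTIONS_BTN = '[data-test-subj="exceptionsHeaderAddExceptionBtn"]';
+
+export const CLOSE_ALERTS_CHECKBOX =
+  '[data-test-subj="bulk-close-alert-on-add-add-exception-checkbox"]';
+
+export const CONFIRM_BTN = '[data-test-subj="add-exception-confirm-button"]';
+
+export const FIELD_INPUT =
+  '[data-test-subj="fieldAutocompleteComboBox"] [data-test-subj="comboBoxInput"]';
+
+export const FIELD_INPUT_RESULT = '.euiFilterSelectItem';
+
+export const LOADING_SPINNER = '[data-test-subj="loading-spinner"]';
+
+export const OPERATOR_INPUT = '[data-test-subj="operatorAutocompleteComboBox"]';
+
+export const VALUES_INPUT =
+  '[data-test-subj="valuesAutocompleteMatch"] [data-test-subj="comboBoxInput"]';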
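Review bot: `FIELD_INPUT_RESULT = '.euiFilterSelectItem'` is the only locator in this file keyed on an EUI CSS class rather than a `data-test-subj` attribute, so it is the one that will break silently on an EUI upgrade or class rename while every other selector survives. Prefer a test-subject hook on the option row, which may mean adding a `data-test-subj` to the component that renders the field suggestions; if no such hook exists yet, at least mark the brittleness in place with `// EUI-internal class, not a test-subject hook; may change on EUI upgrade`. Since this is also an unscoped global class selector, the first matching option anywhere on the page wins, which is worth a mention in the same comment.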
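--- a/x-pack/plugins/security_solution/cypress/tasks/api_calls.ts
+++ b/x-pack/plugins/security_solution/cypress/tasks/api_calls.ts
@@ -0,0 +1,45 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { CustomRule } from '../objects/rule';
+
+export const createCustomRule = (rule: CustomRule) => {
+  cy.request({
+    method: 'POST',
+    url: 'api/detection_engine/rules',
+    body: {
+      rule_id: 'rule_testing',
+      risk_score: parseInt(rule.riskScore, 10),
+      description: rule.description,
+      interval: '10s',
+      name: rule.name,
+      severity: rule.severity.toLocaleLowerCase(),
+      type: 'query',
+      from: 'now-17520h',
+      index: ['exceptions-*'],
+      query: rule.customQuery,
+      language: 'kuery',
+      enabled: false,
+    },
+    headers: { 'kbn-xsrf': 'cypress-creds' },
+  });
+};
+
+export const deleteCustomRule = () => {
+  cy.request({
+    method: 'DELETE',
+    url: 'api/detection_engine/rules?rule_id=rule_testing',
+    headers: { 'kbn-xsrf': 'cypress-creds' },
+  });
+};
+
+export const removeSignalsIndex = () => {
+  cy.request({
+    method: 'DELETE',
+    url: `api/detection_engine/index`,
+    headers: { 'kbn-xsrf': 'delete-signals' },
+  });
+};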
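Review bot: The literal `'rule_testing'` is duplicated between `createCustomRule` (the `rule_id` in the body) and `deleteCustomRule` (the query string of the DELETE), so a change to one silently leaves the other targeting a rule that does not exist and the teardown stops cleaning up; hoist it to `const TEST_RULE_ID = 'rule_testing';` and use it in both, e.g. `url: \`api/detection_engine/rules?rule_id=${TEST_RULE_ID}\``. `removeSignalsIndex` deletes the detection engine's signals index outright, which is fine as teardown for a disposable CI stack but deserves a one-line TSDoc saying `/** Test teardown only: drops the whole signals index, destroying every alert in it. */`, since these helpers read as generic API wrappers. The `kbn-xsrf` header values (`'cypress-creds'`, `'delete-signals'`) are presumably arbitrary and only need to be present to pass Kibana's XSRF check; a comment to that effect would keep readers from hunting for where the value is validated. The hard-coded `from: 'now-17520h'`, `interval: '10s'` and `index: ['exceptions-*']` look chosen so the archived auditbeat documents fall inside the rule's lookback and the rule fires quickly in the spec; a comment stating that intent would keep a future edit from silently breaking the timing the spec relies on.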