-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Security Solution] Ensure full test coverage for existing workflows of installing and upgrading prebuilt rules #148176
Closed
6 tasks done
Tracked by
#174166
Labels
8.9 candidate
Feature:Prebuilt Detection Rules
Security Solution Prebuilt Detection Rules area
Team:Detection Rule Management
Security Detection Rule Management Team
Team:Detections and Resp
Security Detection Response Team
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
test-coverage
issues & PRs for improving code test coverage
v8.9.0
Comments
banderror
added
test-coverage
issues & PRs for improving code test coverage
Team:Detections and Resp
Security Detection Response Team
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
Team:Detection Rule Management
Security Detection Rule Management Team
Feature:Prebuilt Detection Rules
Security Solution Prebuilt Detection Rules area
labels
Dec 29, 2022
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
Pinging @elastic/security-solution (Team: SecuritySolution) |
Note: add e2e tests to ensure that detection rules package installation doesn't fail with OOM: #148441 (comment) |
This was referenced Jan 11, 2023
Merged
Non-functional requirements
Test scenariosFeature: Rule update/installation notifications
Prebuilt rules are updated, and new rules are added to the detection engine on a regular basis. Users should be notified when there are updates available for installed prebuilt rules and when new prebuilt rules are available to install.
Scenario: Users notified about prebuilt rules
Given users don't have prebuilt detection rules installed in Kibana
When they navigate to the rules management page
Then they should see a call to action to install prebuilt rules
Scenario: Users are notified about prebuilt rule updates
Given users have prebuilt rules installed in Kibana
And there are updates available for prebuilt rules
When they navigate to the rules management page
Then they should see a call to action to update prebuilt rules
And they should see the number of outdated rules
Scenario: Users are notified about new prebuilt rules available to install
Given users have prebuilt rules installed in Kibana
And there are new prebuilt rules available to install
When they navigate to the rules management page
Then they should see a call to action to install new prebuilt rules
And they should see the number of new rules available to install
Scenario: No updates available
Given users have the latest prebuilt rules installed in Kibana
When they navigate to the rules management page
Then they should not see a call to action to update or install prebuilt detection rules
Feature: Rule update/installation workflow
Scenario: Users install the latest prebuilt rules
Given users don't have prebuilt detection rules installed in Kibana
When they navigate to the rules management page
And they click install rules
Then they should see a loading state
And they should see a success message
And they should see the prebuilt rules installed in the rules table
And the install rules call to action should disappear
Scenario: Users update prebuilt rules
Given users have outdated prebuilt rules installed in Kibana
When they navigate to the rules management page
And they click update rules
Then they should see a loading state
And they should see a success message
And they should see the prebuilt rules updated in the rules table
And the update, rules call to action should disappear
Scenario: Installation or update of prebuilt rules fails
Given users have updates available for prebuilt rules
When they navigate to the rules management page
And they click install or update rules
And the installation of prebuilt rules fails
Then they should see a loading state
And they should see an error message
And they should see the prebuilt rules not updated in the rules table
And the install/update rules call to action should still be visible
Scenario: Users should not see prerelease rules
Given users have prebuilt rules installed in Kibana
And there is a new prerelease rules package available
When users navigate to the rules management page
Then they should not see rule updates available |
3 tasks
3 tasks
banderror
added a commit
that referenced
this issue
Apr 11, 2023
…appings (#154473) **Related to:** elastic/security-team#6268 (internal) ## Summary For each of our Saved Object types, we must: 1. Remove any SO field mappings with `index: false` (or `enabled: false`, although a first pass was done in #149102) from our SO `mappings` declarations 2. Audit and remove any _unused_ SO fields to minimize our footprint This PR addresses these two requirements for this `security-rule` saved object type (prebuilt rule asset). ## Details Specifically, the PR removes the `name` field from the mappings because: - We don't filter, sort, search, or aggregate by it. - We might need to do it in the future for our prebuilt rule upgrade/installation workflows, but for now we're going to implement filtering, sorting, and pagination on the client side, thus there's no need for this mapping server-side. <img width="1295" alt="Screenshot 2023-04-05 at 15 19 10" src="https://user-images.githubusercontent.com/7359339/230094740-706a9a78-fec3-469e-a4ad-e8b7d7309c78.png"> Also, we may need to add more fields to this mapping in the future to implement further improvements for the prebuilt rule installation, upgrade, or deprecation workflows. ### Checklist - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] The unit test for SO mapping hashes has been updated. - [ ] More tests will be added as part of #148176 and #148192
6 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
8.9 candidate
Feature:Prebuilt Detection Rules
Security Solution Prebuilt Detection Rules area
Team:Detection Rule Management
Security Detection Rule Management Team
Team:Detections and Resp
Security Detection Response Team
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
test-coverage
issues & PRs for improving code test coverage
v8.9.0
Epic: https://github.com/elastic/security-team/issues/1974 (internal)
Summary
We're going to add support for the
security_detection_engine
package with historical versions of prebuilt rules. It's going to be supported within the existing functionality and by the existing API endpoints. The difference will be: under the hood, instead of having only the latest versions of prebuiltsecurity-rule
asset saved objects, we will have all historical versions.Before we do that, we need to make sure we have full test coverage for existing workflows of installing and upgrading prebuilt rules. When we're about to release the package with historical versions, we will have a trustworthy test suite to verify that we won't break the app by releasing this package.
Todo
rules/prepackaged
endpoints. Make it match the test plan: add missing tests, etc.Non-goal: unit test coverage. We can do it when we add support for historical versions, where needed.
Test plan
https://docs.google.com/document/d/1d_1DYnHlnCaPznWTjeCxhoaRUwxc2O_V0LToAPG0xLE/edit
The text was updated successfully, but these errors were encountered: