diff --git a/x-pack/plugins/security_solution/cypress/integration/detection_alerts/cti_enrichments.spec.ts b/x-pack/plugins/security_solution/cypress/integration/detection_alerts/cti_enrichments.spec.ts
index ec3d5a8676302..c9c2ff2159333 100644
--- a/x-pack/plugins/security_solution/cypress/integration/detection_alerts/cti_enrichments.spec.ts
+++ b/x-pack/plugins/security_solution/cypress/integration/detection_alerts/cti_enrichments.spec.ts
@@ -55,11 +55,13 @@ describe('CTI Enrichment', () => {
 goToRuleDetails();
 });
- it.skip('Displays enrichment matched.* fields on the timeline', () => {
+ it('Displays enrichment matched.* fields on the timeline', () => {
 const expectedFields = {
 'threat.enrichments.matched.atomic': getNewThreatIndicatorRule().atomic,
- 'threat.enrichments.matched.type': 'indicator_match_rule',
+ 'threat.enrichments.matched.type': getNewThreatIndicatorRule().matchedType,
 'threat.enrichments.matched.field': getNewThreatIndicatorRule().indicatorMappingField,
+ 'threat.enrichments.matched.id': getNewThreatIndicatorRule().matchedId,
+ 'threat.enrichments.matched.index': getNewThreatIndicatorRule().matchedIndex,
 };
 const fields = Object.keys(expectedFields) as Array;
diff --git a/x-pack/plugins/security_solution/cypress/objects/rule.ts b/x-pack/plugins/security_solution/cypress/objects/rule.ts
index 1c81099d43dd5..2c2a743eb96d0 100644
--- a/x-pack/plugins/security_solution/cypress/objects/rule.ts
+++ b/x-pack/plugins/security_solution/cypress/objects/rule.ts
@@ -80,6 +80,9 @@ export interface ThreatIndicatorRule extends CustomRule {
 threatIndicatorPath: string;
 type?: string;
 atomic?: string;
+ matchedType?: string;
+ matchedId?: string;
+ matchedIndex?: string;
 }
 export interface MachineLearningRule {
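Review bot: `expectedFields` calls `getNewThreatIndicatorRule()` once per key, five times after this change, so the whole fixture object is rebuilt for every entry. Build it once at the top of the test, `const rule = getNewThreatIndicatorRule();`, and read `rule.atomic`, `rule.matchedType`, `rule.matchedId` and the rest from that. This also makes it obvious that all expected values come from one fixture. The test body continues past the end of the hunk, so how the values are compared is not visible here.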
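Review bot: `matchedType`, `matchedId` and `matchedIndex` are added to `ThreatIndicatorRule` without a comment, yet they appear to describe the enrichment expected on the generated alert rather than anything submitted when the rule is created. A comment above them such as `// Expected threat.enrichments.matched.* values on the alert; not part of the rule definition` would keep later readers from treating them as rule parameters. They are also declared optional while the re-enabled spec reads all three, so a fixture that omits one would hand the spec `undefined` as the expected value; consider making them required if every threat-indicator fixture is meant to carry them.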
@@ -407,6 +410,9 @@ export const getNewThreatIndicatorRule = (): ThreatIndicatorRule => ({
 timeline: getIndicatorMatchTimelineTemplate(),
 maxSignals: 100,
 threatIndicatorPath: 'threat.indicator',
+ matchedType: 'indicator_match_rule',
+ matchedId: '84cf452c1e0375c3d4412cb550bd1783358468a3b3b777da4829d72c7d6fb74f',
+ matchedIndex: 'logs-ti_abusech.malware',
 });
 export const duplicatedRuleName = `${getNewThreatIndicatorRule().name} [Duplicate]`;
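Review bot: The `matchedId` and `matchedIndex` literals depend on whatever indicator data the test loads, but nothing in the fixture says where they come from. `matchedId` looks like the id of a single document in `logs-ti_abusech.malware`; if that test data is regenerated the id will presumably change and the re-enabled spec will fail with no pointer to the cause. Add a comment above `matchedId` naming the source, for example `// _id of the indicator document in <threat-indicator test archive>; update together with that archive`. The object literal starts outside the hunk.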