Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[DE][Cypress] Add privileges coverage detections area #170380

Closed
wants to merge 5 commits into from
Closed

[DE][Cypress] Add privileges coverage detections area #170380

wants to merge 5 commits into from

Conversation

yctercero
Copy link
Contributor

@yctercero yctercero commented Nov 2, 2023
edited
Loading

Summary

Adds test coverage around privileges for detection area. ✅ means there is test coverage for use case.

UI Area t1 t2 Threat Intel Ana. t3 Rule Auth. Detec. Admin SOC Man. Platform Eng End. Op Analyst End. Policy Man.
Alerts tags
Alerts status
Value lists
Exceptions from alert
Exceptions from rule details

Updates to roles based on latest from https://github.com/elastic/project-controller/blob/main/internal/project/security/config/roles.yml. If you notice a role commented out, it needs follow up and a ticket has been opened to follow up in the appropriate repo.

Ideally, this will pair with FTRs which would cover API side logic.

Flakey test runner - https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/3861

@yctercero yctercero requested review from a team as code owners November 2, 2023 05:15
@yctercero yctercero requested a review from e40pud November 2, 2023 05:15
@yctercero yctercero added release_note:skip Skip the PR/issue when compiling release notes Team:Detections and Resp Security Detection Response Team Team:Detection Engine Security Solution Detection Engine Area v8.12.0 labels Nov 2, 2023
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@yctercero yctercero self-assigned this Nov 2, 2023
ashokaditya
ashokaditya reviewed Nov 2, 2023
View reviewed changes
packages/kbn-es/src/serverless_resources/security_roles.json
@@ -76,11 +85,18 @@
{
"feature": {
"ml": ["read"],
"siem": ["read", "read_alerts"],
"siem": ["read", "read_alerts", "endpoint_list_read"],
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This siem privilege would mean the t1_analyst would be able to access the endpoint list page, which the FTR test currently expects otherwise. I guess we should update the test per the new privilege.
cc @paul-tavares

@tomsonpl
Copy link
Contributor

tomsonpl commented Nov 2, 2023
edited
Loading

Hey @yctercero 👋
Firstly - thanks for your efforts in this, serverless roles are bringing confusion to me at all times, so every effort done to make it less confusing is really appreciated :P
Secondy - a question: why do we map project-controller yaml into a different syntax (I believe it's ES vs Kibana) and not reuse what project-controller gives us?
For Osquery cypress tests I adjusted kibana_roles.ts to accept security project-controller roles as it is.
Then I just copied 1:1 data from project-controller in here to be used in kibana.

Do you think it might make sense to reuse that approach? Thanks!

Ikuni17
Ikuni17 reviewed Nov 2, 2023
View reviewed changes
Copy link
Contributor

@Ikuni17 Ikuni17 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Technically operations team is owners of packages/kbn-es/src/serverless_resources/security_roles.json due to being owner of kbn-es/* but we don't have sufficient knowledge to maintain that file. Which team makes sense to transfer ownership to?

@yctercero
Copy link
Contributor Author

Hey @yctercero 👋 Firstly - thanks for your efforts in this, serverless roles are bringing confusion to me at all times, so every effort done to make it less confusing is really appreciated :P Secondy - a question: why do we map project-controller yaml into a different syntax (I believe it's ES vs Kibana) and not reuse what project-controller gives us? For Osquery cypress tests I adjusted kibana_roles.ts to accept security project-controller roles as it is. Then I just copied 1:1 data from project-controller in here to be used in kibana.

Do you think it might make sense to reuse that approach? Thanks!

I do like that idea. Having worked to update the roles here, it was very easy to miss something. By using your method, we would just copy paste directly. @maximpn any thoughts on updating this?

@yctercero
Copy link
Contributor Author

yctercero commented Nov 2, 2023
edited
Loading

Technically operations team is owners of packages/kbn-es/src/serverless_resources/security_roles.json due to being owner of kbn-es/* but we don't have sufficient knowledge to maintain that file. Which team makes sense to transfer ownership to?

@Ikuni17 I think it would be @elastic/security-threat-hunting @elastic/security-detection-engine @elastic/security-detection-rule-management @elastic/security-defend-workflows @elastic/security-threat-hunting-explore

@yctercero yctercero requested review from a team as code owners November 2, 2023 16:36
@maximpn
Copy link
Contributor

maximpn commented Nov 3, 2023
edited
Loading

@Ikuni17 @tomsonpl There is a ticket to add role syncing automation. I've added a comment there why JSON is better for consuming. On top of that packages/kbn-es/src/serverless_resources/security_roles.json is there because it's related to packages/kbn-es/src/serverless_resources/roles.yaml. In fact packages/kbn-es/src/serverless_resources/roles.yaml restored in Stateless ES. A copy like project_controller_security_roles.yml is just another copy which relevance maitained manually.

An idea in my mind to have one source of truth for roles in Kibana (ideally next to packages/kbn-es/src/serverless_resources) and set up automation to update that roles. It's still unclear who will implement it.

maximpn
maximpn reviewed Nov 3, 2023
View reviewed changes
x-pack/test/detection_engine_api_integration/security_and_spaces/group10/read_privileges.ts
@@ -478,31 +478,31 @@ export default ({ getService }: FtrProviderContext) => {
username: 'detections_admin',
has_all_requested: false,
Copy link
Contributor

@maximpn maximpn Nov 3, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

While working on enabling Serverless roles for FTR tests in the PR I've noticed detections_admin has different privileges in Serverless than in ESS. I guess your change here will fail in ESS.

e40pud
e40pud approved these changes Nov 6, 2023
View reviewed changes
...press/cypress/e2e/detection_response/detection_alerts/alert_tags/alert_tags_privileges.cy.ts Outdated
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This will be a great example for adding similar tests in my user assignment PR!

Should we also add tests to check that some roles are unable to update tags?

@kibana-ci
Copy link
Collaborator

kibana-ci commented Nov 6, 2023
edited
Loading

💔 Build Failed

Failed CI Steps

Test Failures

  • [job] [logs] Security Solution Cypress Tests #1 / Add, edit and delete exception Add, Edit and delete Exception item "before all" hook for "should create exception item from Shared Exception List page and linked to a Rule" "before all" hook for "should create exception item from Shared Exception List page and linked to a Rule"
  • [job] [logs] Security Solution Cypress Tests #1 / Add, edit and delete exception Add, Edit and delete Exception item "before all" hook for "should create exception item from Shared Exception List page and linked to a Rule" "before all" hook for "should create exception item from Shared Exception List page and linked to a Rule"
  • [job] [logs] FTR Configs #79 / Agents fleet_list_agent should return metrics if available and called with withMetrics
  • [job] [logs] FTR Configs #79 / Agents fleet_list_agent should return metrics if available and called with withMetrics
  • [job] [logs] Investigations - Security Solution Cypress Tests #7 / Alert details expandable flyout left panel entities "before all" hook for "should display host details and user details under Insights Entities" "before all" hook for "should display host details and user details under Insights Entities"
  • [job] [logs] Investigations - Security Solution Cypress Tests #7 / Alert details expandable flyout left panel entities "before all" hook for "should display host details and user details under Insights Entities" "before all" hook for "should display host details and user details under Insights Entities"
  • [job] [logs] Investigations - Security Solution Cypress Tests #2 / Alert details expandable flyout left panel investigation "before all" hook for "should display empty response message" "before all" hook for "should display empty response message"
  • [job] [logs] Investigations - Security Solution Cypress Tests #2 / Alert details expandable flyout left panel investigation "before all" hook for "should display empty response message" "before all" hook for "should display empty response message"
  • [job] [logs] Investigations - Security Solution Cypress Tests #8 / Alert details expandable flyout left panel investigation "before all" hook for "should display investigation guide" "before all" hook for "should display investigation guide"
  • [job] [logs] Investigations - Security Solution Cypress Tests #8 / Alert details expandable flyout left panel investigation "before all" hook for "should display investigation guide" "before all" hook for "should display investigation guide"
  • [job] [logs] Investigations - Security Solution Cypress Tests #1 / Alert details expandable flyout left panel prevalence "before all" hook for "should display prevalence tab" "before all" hook for "should display prevalence tab"
  • [job] [logs] Investigations - Security Solution Cypress Tests #1 / Alert details expandable flyout left panel prevalence "before all" hook for "should display prevalence tab" "before all" hook for "should display prevalence tab"
  • [job] [logs] Investigations - Security Solution Cypress Tests #6 / Alert details expandable flyout right panel json tab "before all" hook for "should display the json component" "before all" hook for "should display the json component"
  • [job] [logs] Investigations - Security Solution Cypress Tests #6 / Alert details expandable flyout right panel json tab "before all" hook for "should display the json component" "before all" hook for "should display the json component"
  • [job] [logs] Investigations - Security Solution Cypress Tests #7 / Alert details expandable flyout right panel overview tab about section "before all" hook for "should display about section" "before all" hook for "should display about section"
  • [job] [logs] Investigations - Security Solution Cypress Tests #7 / Alert details expandable flyout right panel overview tab about section "before all" hook for "should display about section" "before all" hook for "should display about section"
  • [job] [logs] Investigations - Security Solution Cypress Tests #8 / Alert details expandable flyout right panel table tab "before all" hook for "should display and filter the table" "before all" hook for "should display and filter the table"
  • [job] [logs] Investigations - Security Solution Cypress Tests #8 / Alert details expandable flyout right panel table tab "before all" hook for "should display and filter the table" "before all" hook for "should display and filter the table"
  • [job] [logs] Investigations - Security Solution Cypress Tests #4 / Alert details expandable flyout rule preview panel alert reason preview "before all" hook for "should display alert reason preview" "before all" hook for "should display alert reason preview"
  • [job] [logs] Investigations - Security Solution Cypress Tests #4 / Alert details expandable flyout rule preview panel alert reason preview "before all" hook for "should display alert reason preview" "before all" hook for "should display alert reason preview"
  • [job] [logs] Investigations - Security Solution Cypress Tests #5 / Alert details expandable flyout rule preview panel rule preview "before all" hook for "should display rule preview and its sub sections" "before all" hook for "should display rule preview and its sub sections"
  • [job] [logs] Investigations - Security Solution Cypress Tests #5 / Alert details expandable flyout rule preview panel rule preview "before all" hook for "should display rule preview and its sub sections" "before all" hook for "should display rule preview and its sub sections"
  • [job] [logs] Investigations - Security Solution Cypress Tests #5 / Alert details flyout Basic functions "before all" hook for "should update the table when status of the alert is updated" "before all" hook for "should update the table when status of the alert is updated"
  • [job] [logs] Investigations - Security Solution Cypress Tests #5 / Alert details flyout Basic functions "before all" hook for "should update the table when status of the alert is updated" "before all" hook for "should update the table when status of the alert is updated"
  • [job] [logs] Investigations - Security Solution Cypress Tests #2 / Alert Table Controls "before all" hook for "full screen, column sorting" "before all" hook for "full screen, column sorting"
  • [job] [logs] Investigations - Security Solution Cypress Tests #2 / Alert Table Controls "before all" hook for "full screen, column sorting" "before all" hook for "full screen, column sorting"
  • [job] [logs] Investigations - Security Solution Cypress Tests #3 / Alerts cell actions Filter "before all" hook for "should filter for a non-empty property" "before all" hook for "should filter for a non-empty property"
  • [job] [logs] Investigations - Security Solution Cypress Tests #3 / Alerts cell actions Filter "before all" hook for "should filter for a non-empty property" "before all" hook for "should filter for a non-empty property"
  • [job] [logs] Investigations - Security Solution Cypress Tests #6 / Alerts generated by building block rules "before all" hook for "Alerts should be visible on the Rule Detail page and not visible on the Overview page" "before all" hook for "Alerts should be visible on the Rule Detail page and not visible on the Overview page"
  • [job] [logs] Investigations - Security Solution Cypress Tests #6 / Alerts generated by building block rules "before all" hook for "Alerts should be visible on the Rule Detail page and not visible on the Overview page" "before all" hook for "Alerts should be visible on the Rule Detail page and not visible on the Overview page"
  • [job] [logs] Investigations - Security Solution Cypress Tests #1 / Alerts Table Action column "before all" hook for "should have session viewer button visible & open session viewer on click" "before all" hook for "should have session viewer button visible & open session viewer on click"
  • [job] [logs] Investigations - Security Solution Cypress Tests #1 / Alerts Table Action column "before all" hook for "should have session viewer button visible & open session viewer on click" "before all" hook for "should have session viewer button visible & open session viewer on click"
  • [job] [logs] Explore - Security Solution Cypress Tests #1 / Alerts timeline Privileges: read only "before all" hook for "should not allow user with read only privileges to attach alerts to existing cases" "before all" hook for "should not allow user with read only privileges to attach alerts to existing cases"
  • [job] [logs] Explore - Security Solution Cypress Tests #1 / Alerts timeline Privileges: read only "before all" hook for "should not allow user with read only privileges to attach alerts to existing cases" "before all" hook for "should not allow user with read only privileges to attach alerts to existing cases"
  • [job] [logs] Explore - Security Solution Cypress Tests #3 / All hosts table with legacy risk score "before all" hook for "it renders risk column" "before all" hook for "it renders risk column"
  • [job] [logs] Explore - Security Solution Cypress Tests #3 / All hosts table with legacy risk score "before all" hook for "it renders risk column" "before all" hook for "it renders risk column"
  • [job] [logs] Investigations - Security Solution Cypress Tests #4 / Analyze events view for alerts "before all" hook for "should render when button is clicked" "before all" hook for "should render when button is clicked"
  • [job] [logs] Investigations - Security Solution Cypress Tests #4 / Analyze events view for alerts "before all" hook for "should render when button is clicked" "before all" hook for "should render when button is clicked"
  • [job] [logs] Explore - Security Solution Cypress Tests #2 / attach timeline to case without cases created "before all" hook for "attach timeline to a new case" "before all" hook for "attach timeline to a new case"
  • [job] [logs] Explore - Security Solution Cypress Tests #2 / attach timeline to case without cases created "before all" hook for "attach timeline to a new case" "before all" hook for "attach timeline to a new case"
  • [job] [logs] Investigations - Security Solution Cypress Tests #7 / Bulk Investigate in Timeline Alerts "before all" hook for "Adding multiple alerts to the timeline should be successful" "before all" hook for "Adding multiple alerts to the timeline should be successful"
  • [job] [logs] Investigations - Security Solution Cypress Tests #7 / Bulk Investigate in Timeline Alerts "before all" hook for "Adding multiple alerts to the timeline should be successful" "before all" hook for "Adding multiple alerts to the timeline should be successful"
  • [job] [logs] Explore - Security Solution Cypress Tests #1 / Cases "before all" hook for "Creates a new case with timeline and opens the timeline" "before all" hook for "Creates a new case with timeline and opens the timeline"
  • [job] [logs] Explore - Security Solution Cypress Tests #1 / Cases "before all" hook for "Creates a new case with timeline and opens the timeline" "before all" hook for "Creates a new case with timeline and opens the timeline"
  • [job] [logs] Explore - Security Solution Cypress Tests #3 / Cases connector incident fields "before all" hook for "Correct incident fields show when connector is changed" "before all" hook for "Correct incident fields show when connector is changed"
  • [job] [logs] Explore - Security Solution Cypress Tests #3 / Cases connector incident fields "before all" hook for "Correct incident fields show when connector is changed" "before all" hook for "Correct incident fields show when connector is changed"
  • [job] [logs] Explore - Security Solution Cypress Tests #4 / Cases connectors "before all" hook for "Configures a new connector" "before all" hook for "Configures a new connector"
  • [job] [logs] Explore - Security Solution Cypress Tests #4 / Cases connectors "before all" hook for "Configures a new connector" "before all" hook for "Configures a new connector"
  • [job] [logs] Explore - Security Solution Cypress Tests #2 / Cases privileges "before all" hook for "User sec_all_user with role(s) sec_all_role can create a case" "before all" hook for "User sec_all_user with role(s) sec_all_role can create a case"
  • [job] [logs] Explore - Security Solution Cypress Tests #2 / Cases privileges "before all" hook for "User sec_all_user with role(s) sec_all_role can create a case" "before all" hook for "User sec_all_user with role(s) sec_all_role can create a case"
  • [job] [logs] Investigations - Security Solution Cypress Tests #7 / Changing alert status Opening alerts "before all" hook for "Open one alert when more than one closed alerts are selected" "before all" hook for "Open one alert when more than one closed alerts are selected"
  • [job] [logs] Investigations - Security Solution Cypress Tests #7 / Changing alert status Opening alerts "before all" hook for "Open one alert when more than one closed alerts are selected" "before all" hook for "Open one alert when more than one closed alerts are selected"
  • [job] [logs] Investigations - Security Solution Cypress Tests #8 / Correlation tab "before all" hook for "should update timeline after adding eql" "before all" hook for "should update timeline after adding eql"
  • [job] [logs] Investigations - Security Solution Cypress Tests #8 / Correlation tab "before all" hook for "should update timeline after adding eql" "before all" hook for "should update timeline after adding eql"
  • [job] [logs] Investigations - Security Solution Cypress Tests #1 / Create a timeline from a template "before all" hook for "Should have the same query and open the timeline modal" "before all" hook for "Should have the same query and open the timeline modal"
  • [job] [logs] Investigations - Security Solution Cypress Tests #1 / Create a timeline from a template "before all" hook for "Should have the same query and open the timeline modal" "before all" hook for "Should have the same query and open the timeline modal"
  • [job] [logs] Security Solution Cypress Tests #3 / Duplicate List "before all" hook for "Duplicate exception list with expired items" "before all" hook for "Duplicate exception list with expired items"
  • [job] [logs] Security Solution Cypress Tests #3 / Duplicate List "before all" hook for "Duplicate exception list with expired items" "before all" hook for "Duplicate exception list with expired items"
  • [job] [logs] Explore - Security Solution Cypress Tests #3 / Enable risk scores from dashboard "before all" hook for "host risk enable button should redirect to entity management page" "before all" hook for "host risk enable button should redirect to entity management page"
  • [job] [logs] Explore - Security Solution Cypress Tests #3 / Enable risk scores from dashboard "before all" hook for "host risk enable button should redirect to entity management page" "before all" hook for "host risk enable button should redirect to entity management page"
  • [job] [logs] Explore - Security Solution Cypress Tests #4 / Entity Analytics Dashboard legacy risk score Without data "before all" hook for "shows enable host risk button" "before all" hook for "shows enable host risk button"
  • [job] [logs] Explore - Security Solution Cypress Tests #4 / Entity Analytics Dashboard legacy risk score Without data "before all" hook for "shows enable host risk button" "before all" hook for "shows enable host risk button"
  • [job] [logs] Explore - Security Solution Cypress Tests #2 / ESS - pinned filters "before all" hook for "show pinned filters on security" "before all" hook for "show pinned filters on security"
  • [job] [logs] Explore - Security Solution Cypress Tests #2 / ESS - pinned filters "before all" hook for "show pinned filters on security" "before all" hook for "show pinned filters on security"
  • [job] [logs] Investigations - Security Solution Cypress Tests #8 / Event Rendered View "before all" hook for "Event Summary Column" "before all" hook for "Event Summary Column"
  • [job] [logs] Investigations - Security Solution Cypress Tests #8 / Event Rendered View "before all" hook for "Event Summary Column" "before all" hook for "Event Summary Column"
  • [job] [logs] Explore - Security Solution Cypress Tests #1 / Events Viewer Fields rendering "before all" hook for "displays "view all" option by default" "before all" hook for "displays "view all" option by default"
  • [job] [logs] Explore - Security Solution Cypress Tests #1 / Events Viewer Fields rendering "before all" hook for "displays "view all" option by default" "before all" hook for "displays "view all" option by default"
  • [job] [logs] Security Solution Cypress Tests #2 / Exception list detail page "before all" hook for "Should edit list details" "before all" hook for "Should edit list details"
  • [job] [logs] Security Solution Cypress Tests #2 / Exception list detail page "before all" hook for "Should edit list details" "before all" hook for "Should edit list details"
  • [job] [logs] Investigations - Security Solution Cypress Tests #6 / Expandable flyout left panel correlations "before all" hook for "should render correlations details correctly" "before all" hook for "should render correlations details correctly"
  • [job] [logs] Investigations - Security Solution Cypress Tests #6 / Expandable flyout left panel correlations "before all" hook for "should render correlations details correctly" "before all" hook for "should render correlations details correctly"
  • [job] [logs] Investigations - Security Solution Cypress Tests #3 / Expandable flyout left panel threat intelligence "before all" hook for "should serialize its state to url" "before all" hook for "should serialize its state to url"
  • [job] [logs] Investigations - Security Solution Cypress Tests #3 / Expandable flyout left panel threat intelligence "before all" hook for "should serialize its state to url" "before all" hook for "should serialize its state to url"
  • [job] [logs] Investigations - Security Solution Cypress Tests #1 / Expandable flyout state sync "before all" hook for "should test flyout url sync" "before all" hook for "should test flyout url sync"
  • [job] [logs] Investigations - Security Solution Cypress Tests #1 / Expandable flyout state sync "before all" hook for "should test flyout url sync" "before all" hook for "should test flyout url sync"
  • [job] [logs] Investigations - Security Solution Cypress Tests #6 / Export timelines "before all" hook for "Exports a custom timeline template" "before all" hook for "Exports a custom timeline template"
  • [job] [logs] Investigations - Security Solution Cypress Tests #6 / Export timelines "before all" hook for "Exports a custom timeline template" "before all" hook for "Exports a custom timeline template"
  • [job] [logs] Investigations - Security Solution Cypress Tests #2 / Export timelines "before all" hook for "Exports custom timeline(s)" "before all" hook for "Exports custom timeline(s)"
  • [job] [logs] Investigations - Security Solution Cypress Tests #2 / Export timelines "before all" hook for "Exports custom timeline(s)" "before all" hook for "Exports custom timeline(s)"
  • [job] [logs] Security Solution Cypress Tests #4 / Filter Lists "before all" hook for "Filters exception lists on search" "before all" hook for "Filters exception lists on search"
  • [job] [logs] Security Solution Cypress Tests #4 / Filter Lists "before all" hook for "Filters exception lists on search" "before all" hook for "Filters exception lists on search"
  • [job] [logs] Explore - Security Solution Cypress Tests #3 / Guided onboarding tour "before all" hook for "Completes the tour with next button clicks" "before all" hook for "Completes the tour with next button clicks"
  • [job] [logs] Explore - Security Solution Cypress Tests #3 / Guided onboarding tour "before all" hook for "Completes the tour with next button clicks" "before all" hook for "Completes the tour with next button clicks"
  • [job] [logs] Investigations - Security Solution Cypress Tests #4 / Histogram legend hover actions "before all" hook for "Filter in/out should add a filter to KQL bar" "before all" hook for "Filter in/out should add a filter to KQL bar"
  • [job] [logs] Investigations - Security Solution Cypress Tests #4 / Histogram legend hover actions "before all" hook for "Filter in/out should add a filter to KQL bar" "before all" hook for "Filter in/out should add a filter to KQL bar"
  • [job] [logs] Security Solution Cypress Tests #5 / Import Lists "before all" hook for "Should import exception list successfully if the list does not exist" "before all" hook for "Should import exception list successfully if the list does not exist"
  • [job] [logs] Security Solution Cypress Tests #5 / Import Lists "before all" hook for "Should import exception list successfully if the list does not exist" "before all" hook for "Should import exception list successfully if the list does not exist"
  • [job] [logs] Investigations - Security Solution Cypress Tests #5 / Inspect Timeline "before all" hook for "inspects the timeline" "before all" hook for "inspects the timeline"
  • [job] [logs] Investigations - Security Solution Cypress Tests #5 / Inspect Timeline "before all" hook for "inspects the timeline" "before all" hook for "inspects the timeline"
  • [job] [logs] Investigations - Security Solution Cypress Tests #1 / Investigate in timeline From alerts table "before all" hook for "should open new timeline from alerts table" "before all" hook for "should open new timeline from alerts table"
  • [job] [logs] Investigations - Security Solution Cypress Tests #1 / Investigate in timeline From alerts table "before all" hook for "should open new timeline from alerts table" "before all" hook for "should open new timeline from alerts table"
  • [job] [logs] Security Solution Cypress Tests #6 / Manage lists from "Shared Exception Lists" page Create/Export/Delete List "before all" hook for "Export exception list" "before all" hook for "Export exception list"
  • [job] [logs] Security Solution Cypress Tests #6 / Manage lists from "Shared Exception Lists" page Create/Export/Delete List "before all" hook for "Export exception list" "before all" hook for "Export exception list"
  • [job] [logs] Investigations - Security Solution Cypress Tests #5 / Open timeline open timeline from url exclusively "before all" hook for "should open a timeline via url alone without a saved object id" "before all" hook for "should open a timeline via url alone without a saved object id"
  • [job] [logs] Investigations - Security Solution Cypress Tests #5 / Open timeline open timeline from url exclusively "before all" hook for "should open a timeline via url alone without a saved object id" "before all" hook for "should open a timeline via url alone without a saved object id"
  • [job] [logs] Investigations - Security Solution Cypress Tests #7 / Open timeline Open timeline modal "before all" hook for "should display timeline info" "before all" hook for "should display timeline info"
  • [job] [logs] Investigations - Security Solution Cypress Tests #7 / Open timeline Open timeline modal "before all" hook for "should display timeline info" "before all" hook for "should display timeline info"
  • [job] [logs] Explore - Security Solution Cypress Tests #4 / Overview Page "before all" hook for "Host stats render with correct values" "before all" hook for "Host stats render with correct values"
  • [job] [logs] Explore - Security Solution Cypress Tests #4 / Overview Page "before all" hook for "Host stats render with correct values" "before all" hook for "Host stats render with correct values"
  • [job] [logs] Investigations - Security Solution Cypress Tests #8 / Pagination "before all" hook for "should have 25 events in the page by default" "before all" hook for "should have 25 events in the page by default"
  • [job] [logs] Investigations - Security Solution Cypress Tests #8 / Pagination "before all" hook for "should have 25 events in the page by default" "before all" hook for "should have 25 events in the page by default"
  • [job] [logs] Explore - Security Solution Cypress Tests #1 / Pagination Host uncommon processes table) "before all" hook for "pagination updates results and page number" "before all" hook for "pagination updates results and page number"
  • [job] [logs] Explore - Security Solution Cypress Tests #1 / Pagination Host uncommon processes table) "before all" hook for "pagination updates results and page number" "before all" hook for "pagination updates results and page number"
  • [job] [logs] Investigations - Security Solution Cypress Tests #6 / persistent timeline "before all" hook for "persist the deletion of a column" "before all" hook for "persist the deletion of a column"
  • [job] [logs] Investigations - Security Solution Cypress Tests #6 / persistent timeline "before all" hook for "persist the deletion of a column" "before all" hook for "persist the deletion of a column"
  • [job] [logs] Investigations - Security Solution Cypress Tests #2 / Ransomware Detection Alerts Ransomware display in Alerts Section Alerts table "before all" hook for "shows Ransomware Alerts" "before all" hook for "shows Ransomware Alerts"
  • [job] [logs] Investigations - Security Solution Cypress Tests #2 / Ransomware Detection Alerts Ransomware display in Alerts Section Alerts table "before all" hook for "shows Ransomware Alerts" "before all" hook for "shows Ransomware Alerts"
  • [job] [logs] Investigations - Security Solution Cypress Tests #3 / Ransomware Prevention Alerts Ransomware display in Alerts Section Alerts table "before all" hook for "shows Ransomware Alerts" "before all" hook for "shows Ransomware Alerts"
  • [job] [logs] Investigations - Security Solution Cypress Tests #3 / Ransomware Prevention Alerts Ransomware display in Alerts Section Alerts table "before all" hook for "shows Ransomware Alerts" "before all" hook for "shows Ransomware Alerts"
  • [job] [logs] Explore - Security Solution Cypress Tests #4 / risk tab with legacy risk score "before all" hook for "renders risk tab" "before all" hook for "renders risk tab"
  • [job] [logs] Explore - Security Solution Cypress Tests #4 / risk tab with legacy risk score "before all" hook for "renders risk tab" "before all" hook for "renders risk tab"
  • [job] [logs] Explore - Security Solution Cypress Tests #2 / risk tab with legacy risk score "before all" hook for "renders the table" "before all" hook for "renders the table"
  • [job] [logs] Explore - Security Solution Cypress Tests #2 / risk tab with legacy risk score "before all" hook for "renders the table" "before all" hook for "renders the table"
  • [job] [logs] Investigations - Security Solution Cypress Tests #1 / Row renderers "before all" hook for "Row renderers should be enabled by default" "before all" hook for "Row renderers should be enabled by default"
  • [job] [logs] Investigations - Security Solution Cypress Tests #1 / Row renderers "before all" hook for "Row renderers should be enabled by default" "before all" hook for "Row renderers should be enabled by default"
  • [job] [logs] Investigations - Security Solution Cypress Tests #4 / Save Timeline Prompts "before all" hook for "unchanged & unsaved timeline should NOT prompt when user navigates away" "before all" hook for "unchanged & unsaved timeline should NOT prompt when user navigates away"
  • [job] [logs] Investigations - Security Solution Cypress Tests #4 / Save Timeline Prompts "before all" hook for "unchanged & unsaved timeline should NOT prompt when user navigates away" "before all" hook for "unchanged & unsaved timeline should NOT prompt when user navigates away"
  • [job] [logs] Security Solution Cypress Tests #7 / Shared exception lists - read only "before all" hook for "Displays missing privileges primary callout" "before all" hook for "Displays missing privileges primary callout"
  • [job] [logs] Security Solution Cypress Tests #7 / Shared exception lists - read only "before all" hook for "Displays missing privileges primary callout" "before all" hook for "Displays missing privileges primary callout"
  • [job] [logs] Investigations - Security Solution Cypress Tests #3 / timeline flyout button "before all" hook for "toggles open the timeline" "before all" hook for "toggles open the timeline"
  • [job] [logs] Investigations - Security Solution Cypress Tests #3 / timeline flyout button "before all" hook for "toggles open the timeline" "before all" hook for "toggles open the timeline"
  • [job] [logs] Investigations - Security Solution Cypress Tests #2 / Timeline search and filters timeline search or filter KQL bar "before all" hook for "executes a KQL query" "before all" hook for "executes a KQL query"
  • [job] [logs] Investigations - Security Solution Cypress Tests #2 / Timeline search and filters timeline search or filter KQL bar "before all" hook for "executes a KQL query" "before all" hook for "executes a KQL query"
  • [job] [logs] Investigations - Security Solution Cypress Tests #5 / Timeline Templates "before all" hook for "Creates a timeline template" "before all" hook for "Creates a timeline template"
  • [job] [logs] Investigations - Security Solution Cypress Tests #5 / Timeline Templates "before all" hook for "Creates a timeline template" "before all" hook for "Creates a timeline template"
  • [job] [logs] Investigations - Security Solution Cypress Tests #3 / toggle column in timeline "before all" hook for "removes the @timestamp field from the timeline when the user un-checks the toggle" "before all" hook for "removes the @timestamp field from the timeline when the user un-checks the toggle"
  • [job] [logs] Investigations - Security Solution Cypress Tests #3 / toggle column in timeline "before all" hook for "removes the @timestamp field from the timeline when the user un-checks the toggle" "before all" hook for "removes the @timestamp field from the timeline when the user un-checks the toggle"
  • [job] [logs] Investigations - Security Solution Cypress Tests #4 / Toggle full screen "before all" hook for "Should hide timeline header and tab list area" "before all" hook for "Should hide timeline header and tab list area"
  • [job] [logs] Investigations - Security Solution Cypress Tests #4 / Toggle full screen "before all" hook for "Should hide timeline header and tab list area" "before all" hook for "Should hide timeline header and tab list area"
  • [job] [logs] Explore - Security Solution Cypress Tests #1 / Upgrade risk scores show upgrade risk button "before all" hook for "shows upgrade panel" "before all" hook for "shows upgrade panel"
  • [job] [logs] Explore - Security Solution Cypress Tests #1 / Upgrade risk scores show upgrade risk button "before all" hook for "shows upgrade panel" "before all" hook for "shows upgrade panel"
  • [job] [logs] Explore - Security Solution Cypress Tests #2 / user details flyout "before all" hook for "shows user detail flyout from alert table" "before all" hook for "shows user detail flyout from alert table"
  • [job] [logs] Explore - Security Solution Cypress Tests #2 / user details flyout "before all" hook for "shows user detail flyout from alert table" "before all" hook for "shows user detail flyout from alert table"
  • [job] [logs] Explore - Security Solution Cypress Tests #3 / Users stats and tables Users page tabs "before all" hook for "renders all users" "before all" hook for "renders all users"
  • [job] [logs] Explore - Security Solution Cypress Tests #3 / Users stats and tables Users page tabs "before all" hook for "renders all users" "before all" hook for "renders all users"

Metrics [docs]

✅ unchanged

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @yctercero

@e40pud e40pud mentioned this pull request Nov 16, 2023
Merged
@PhilippeOberti
Copy link
Contributor

@yctercero I see this PR hasn't been updated in a couple of months, is it still being worked on or can we close it?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Ikuni17 Ikuni17 Ikuni17 left review comments

@maximpn maximpn maximpn left review comments

@ashokaditya ashokaditya ashokaditya left review comments

@e40pud e40pud e40pud approved these changes

@patrykkopycinski patrykkopycinski Awaiting requested review from patrykkopycinski patrykkopycinski is a code owner automatically assigned from elastic/security-defend-workflows

@gergoabraham gergoabraham Awaiting requested review from gergoabraham gergoabraham is a code owner automatically assigned from elastic/security-defend-workflows

Assignees

@yctercero yctercero

Labels
release_note:skip Skip the PR/issue when compiling release notes Team:Detection Engine Security Solution Detection Engine Area Team:Detections and Resp Security Detection Response Team v8.12.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
9 participants
@yctercero @elasticmachine @tomsonpl @maximpn @kibana-ci @PhilippeOberti @ashokaditya @e40pud @Ikuni17