[SIEM][Detections Engine] - Add rule markdown to timeline global notes #61026

Merged
merged 16 commits into from
Mar 30, 2020
6cc080c
updated cypress tests to account for rule note markdown field
yctercero Mar 24, 2020
bf1f92a
added be code to allow note value to appear on ecs.signal.rule
yctercero Mar 24, 2020
ce68ebd
added functionality of new global timeline note created on init timel…
yctercero Mar 24, 2020
4d4ff18
updated investigation notes to investigation guide, view in timeline …
yctercero Mar 24, 2020
b96cf22
updated some unit tests
yctercero Mar 24, 2020
13fb918
Merge branch 'master' of github.com:yctercero/kibana into rule_mkd_ti…
yctercero Mar 24, 2020
9cf92f8
Merge branch 'rule_mkd_timeline_note' of https://github.com/yctercero…
yctercero Mar 25, 2020
1277844
ran through tests, added unit tests
yctercero Mar 26, 2020
9b636d9
Merge branch 'master' of github.com:yctercero/kibana into rule_mkd_ti…
yctercero Mar 26, 2020
b56731b
fix type error in cypress test
yctercero Mar 26, 2020
23563b8
per feedback, rewrote code to include logic in existing helper, updat…
yctercero Mar 27, 2020
f1d635f
Merge branch 'master' of github.com:yctercero/kibana into rule_mkd_ti…
yctercero Mar 27, 2020
be91867
added one more unit test, changed naming of ruleGuide to ruleNote
yctercero Mar 27, 2020
444b915
Merge branch 'master' of github.com:yctercero/kibana into rule_mkd_ti…
yctercero Mar 27, 2020
2982793
Merge branch 'master' into rule_mkd_timeline_note
elasticmachine Mar 27, 2020
d7c3955
Merge branch 'master' into rule_mkd_timeline_note
elasticmachine Mar 30, 2020
Expand Up @@ -8,6 +8,7 @@ import { newRule, totalNumberOfPrebuiltRules } from '../objects/rule';

import {
ABOUT_FALSE_POSITIVES,
ABOUT_INVESTIGATION_NOTES,
ABOUT_MITRE,
ABOUT_RISK,
ABOUT_RULE_DESCRIPTION,
Expand All @@ -19,6 +20,9 @@ import {
DEFINITION_INDEX_PATTERNS,
DEFINITION_TIMELINE,
DEFINITION_STEP,
INVESTIGATION_NOTES_MARKDOWN,
INVESTIGATION_NOTES_TOGGLE,
RULE_ABOUT_DETAILS_HEADER_TOGGLE,
RULE_NAME_HEADER,
SCHEDULE_LOOPBACK,
SCHEDULE_RUNS,
Expand Down Expand Up @@ -170,6 +174,13 @@ describe('Signal detection rules, custom', () => {
.invoke('text')
.should('eql', expectedTags);

cy.get(RULE_ABOUT_DETAILS_HEADER_TOGGLE)
.eq(INVESTIGATION_NOTES_TOGGLE)
.click({ force: true });
cy.get(ABOUT_INVESTIGATION_NOTES)
.invoke('text')
.should('eql', INVESTIGATION_NOTES_MARKDOWN);

cy.get(DEFINITION_INDEX_PATTERNS).then(patterns => {
cy.wrap(patterns).each((pattern, index) => {
cy.wrap(pattern)
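Review bot: in the block added before `cy.get(DEFINITION_INDEX_PATTERNS)`, the investigation toggle is picked by position with `.eq(INVESTIGATION_NOTES_TOGGLE)` and clicked with `{ force: true }`. The positional index breaks as soon as a toggle is added or reordered, and forcing the click bypasses Cypress's actionability checks, so a toggle that is covered or disabled would go unnoticed. Give the investigation toggle its own `data-test-subj` and drop `force` on this click.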
4 changes: 4 additions & 0 deletions x-pack/legacy/plugins/siem/cypress/objects/rule.ts
Expand Up @@ -22,6 +22,7 @@ export interface CustomRule {
referenceUrls: string[];
falsePositivesExamples: string[];
mitre: Mitre[];
note: string;
}

export interface MachineLearningRule {
Expand All @@ -36,6 +37,7 @@ export interface MachineLearningRule {
referenceUrls: string[];
falsePositivesExamples: string[];
mitre: Mitre[];
note: string;
}

const mitre1: Mitre = {
Expand All @@ -58,6 +60,7 @@ export const newRule: CustomRule = {
referenceUrls: ['https://www.google.com/', 'https://elastic.co/'],
falsePositivesExamples: ['False1', 'False2'],
mitre: [mitre1, mitre2],
note: '# test markdown',
};

export const machineLearningRule: MachineLearningRule = {
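Review bot: `note: '# test markdown'` in `newRule` (and again in `machineLearningRule`) is the only note value the suite exercises, and it contains nothing a markdown renderer has to neutralise. The field is free-form text that the rule details page renders, so add a second fixture whose note includes inline HTML and a link, and assert on the rendered text; a renderer change that starts emitting raw markup would then fail the test.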
Expand All @@ -71,4 +74,5 @@ export const machineLearningRule: MachineLearningRule = {
referenceUrls: ['https://elastic.co/'],
falsePositivesExamples: ['False1'],
mitre: [mitre1],
note: '# test markdown',
};
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,8 @@ export const CUSTOM_QUERY_INPUT = '[data-test-subj="queryInput"]';

export const DEFINE_CONTINUE_BUTTON = '[data-test-subj="define-continue"]';

export const SCHEDULE_CONTINUE_BUTTON = '[data-test-subj="schedule-continue"]';
export const INVESTIGATION_NOTES_TEXTAREA =
'[data-test-subj="detectionEngineStepAboutRuleNote"] textarea';

export const FALSE_POSITIVES_INPUT =
'[data-test-subj="detectionEngineStepAboutRuleFalsePositives"] input';
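Review bot: `INVESTIGATION_NOTES_TEXTAREA` lands ahead of `FALSE_POSITIVES_INPUT`, while `SCHEDULE_CONTINUE_BUTTON` appears both here and further down the file next to `SEVERITY_DROPDOWN`, which looks like a move to keep the exports alphabetical. Place the new selector below `FALSE_POSITIVES_INPUT` so the ordering holds, and consider making the `SCHEDULE_CONTINUE_BUTTON` move its own commit so this hunk shows only the new selector.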
Expand Down Expand Up @@ -53,6 +54,8 @@ export const RULE_DESCRIPTION_INPUT =
export const RULE_NAME_INPUT =
'[data-test-subj="detectionEngineStepAboutRuleName"] [data-test-subj="input"]';

export const SCHEDULE_CONTINUE_BUTTON = '[data-test-subj="schedule-continue"]';

export const SEVERITY_DROPDOWN =
'[data-test-subj="detectionEngineStepAboutRuleSeverity"] [data-test-subj="select"]';

8 changes: 8 additions & 0 deletions x-pack/legacy/plugins/siem/cypress/screens/rule_details.ts
Expand Up @@ -6,6 +6,8 @@

export const ABOUT_FALSE_POSITIVES = 3;

export const ABOUT_INVESTIGATION_NOTES = '[data-test-subj="stepAboutDetailsNoteContent"]';

export const ABOUT_MITRE = 4;

export const ABOUT_RULE_DESCRIPTION = '[data-test-subj=stepAboutRuleDetailsToggleDescriptionText]';
Expand All @@ -32,10 +34,16 @@ export const DEFINITION_INDEX_PATTERNS =
export const DEFINITION_STEP =
'[data-test-subj=definitionRule] [data-test-subj="listItemColumnStepRuleDescription"] .euiDescriptionList__description';

export const INVESTIGATION_NOTES_MARKDOWN = 'test markdown';

export const INVESTIGATION_NOTES_TOGGLE = 1;

export const MACHINE_LEARNING_JOB_ID = '[data-test-subj="machineLearningJobId"]';

export const MACHINE_LEARNING_JOB_STATUS = '[data-test-subj="machineLearningJobStatus" ]';

export const RULE_ABOUT_DETAILS_HEADER_TOGGLE = '[data-test-subj="stepAboutDetailsToggle"]';

export const RULE_NAME_HEADER = '[data-test-subj="header-page-title"]';

export const RULE_TYPE = 0;
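Review bot: `INVESTIGATION_NOTES_MARKDOWN = 'test markdown'` is expected output rather than a selector, and it is a hand-copied variant of the fixture value `note: '# test markdown'` in `objects/rule.ts`, so changing either string breaks the assertion with no hint of the link between them. Keep the expected rendered text next to the fixture or derive it from `rule.note`, and replace the bare index `INVESTIGATION_NOTES_TOGGLE = 1` with a named selector or a comment saying which toggle it refers to.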
3 changes: 3 additions & 0 deletions x-pack/legacy/plugins/siem/cypress/tasks/create_new_rule.ts
Expand Up @@ -14,6 +14,7 @@ import {
CUSTOM_QUERY_INPUT,
DEFINE_CONTINUE_BUTTON,
FALSE_POSITIVES_INPUT,
INVESTIGATION_NOTES_TEXTAREA,
MACHINE_LEARNING_DROPDOWN,
MACHINE_LEARNING_LIST,
MACHINE_LEARNING_TYPE,
Expand Down Expand Up @@ -82,6 +83,8 @@ export const fillAboutRuleAndContinue = (rule: CustomRule | MachineLearningRule)
cy.get(MITRE_BTN).click({ force: true });
});

cy.get(INVESTIGATION_NOTES_TEXTAREA).type(rule.note, { force: true });

cy.get(ABOUT_CONTINUE_BTN)
.should('exist')
.click({ force: true });
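Review bot: `cy.get(INVESTIGATION_NOTES_TEXTAREA).type(rule.note, { force: true })` runs for every rule passed to `fillAboutRuleAndContinue`, but Cypress's `.type()` rejects an empty string and treats `{...}` in its argument as key sequences, so a fixture with an empty note or with braces in its markdown will fail or type something other than the note. Guard the call with `if (rule.note)` and document or escape the brace handling. `force: true` here also skips the check that the textarea is visible and enabled.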