diff --git a/x-pack/plugins/security_solution/public/common/components/event_details/__snapshots__/alert_summary_view.test.tsx.snap b/x-pack/plugins/security_solution/public/common/components/event_details/__snapshots__/alert_summary_view.test.tsx.snap index 8772def686122..2c7c820cdd7a3 100644 --- a/x-pack/plugins/security_solution/public/common/components/event_details/__snapshots__/alert_summary_view.test.tsx.snap +++ b/x-pack/plugins/security_solution/public/common/components/event_details/__snapshots__/alert_summary_view.test.tsx.snap @@ -25,8 +25,6 @@ exports[`AlertSummaryView Behavior event code renders additional summary rows 1` } .c2 { - min-width: 138px; - padding: 0 8px; display: -webkit-box; display: -webkit-flex; display: -ms-flexbox; @@ -116,28 +114,30 @@ exports[`AlertSummaryView Behavior event code renders additional summary rows 1` class="euiTableRow" > +
- Status + host.name
+
- open -
-
-
-
-
-

- You are in a dialog, containing options for field kibana.alert.workflow_status. Press tab to navigate options. Press escape to exit. -

-
- Filter button -
-
- Filter out button -
-
- Overflow button + windows-native
- - - - - -
-
- Timestamp -
-
- - -
-
-
- - Nov 25, 2020 @ 15:42:39.417 - -
-
@@ -229,7 +158,7 @@ exports[`AlertSummaryView Behavior event code renders additional summary rows 1`

- You are in a dialog, containing options for field @timestamp. Press tab to navigate options. Press escape to exit. + You are in a dialog, containing options for field host.name. Press tab to navigate options. Press escape to exit.

Overflow button
@@ -258,28 +187,30 @@ exports[`AlertSummaryView Behavior event code renders additional summary rows 1` class="euiTableRow" > +
- Rule + user.name
+
- xxx + administrator
@@ -300,7 +231,7 @@ exports[`AlertSummaryView Behavior event code renders additional summary rows 1`

- You are in a dialog, containing options for field kibana.alert.rule.name. Press tab to navigate options. Press escape to exit. + You are in a dialog, containing options for field user.name. Press tab to navigate options. Press escape to exit.

Overflow button
@@ -329,37 +260,45 @@ exports[`AlertSummaryView Behavior event code renders additional summary rows 1` class="euiTableRow" > +
- Severity + source.ip
+
-
- low -
+ +
- You are in a dialog, containing options for field kibana.alert.severity. Press tab to navigate options. Press escape to exit. + You are in a dialog, containing options for field source.ip. Press tab to navigate options. Press escape to exit.

Overflow button
@@ -396,776 +335,130 @@ exports[`AlertSummaryView Behavior event code renders additional summary rows 1`
- + + +
+
+`; + +exports[`AlertSummaryView Memory event code renders additional summary rows 1`] = ` +.c0 .euiTableHeaderCell, +.c0 .euiTableRowCell { + border: none; +} + +.c0 .euiTableHeaderCell .euiTableCellContent { + padding: 0; +} + +.c0 .flyoutOverviewDescription .hoverActions-active .timelines__hoverActionButton, +.c0 .flyoutOverviewDescription .hoverActions-active .securitySolution__hoverActionButton { + opacity: 1; +} + +.c0 .flyoutOverviewDescription:hover .timelines__hoverActionButton, +.c0 .flyoutOverviewDescription:hover .securitySolution__hoverActionButton { + opacity: 1; +} + +.c1 { + line-height: 1.7rem; +} + +.c2 { + display: -webkit-box; + display: -webkit-flex; + display: -ms-flexbox; + display: flex; +} + +.c2:focus-within .timelines__hoverActionButton, +.c2:focus-within .securitySolution__hoverActionButton { + opacity: 1; +} + +.c2:hover .timelines__hoverActionButton, +.c2:hover .securitySolution__hoverActionButton { + opacity: 1; +} + +.c2 .timelines__hoverActionButton, +.c2 .securitySolution__hoverActionButton { + opacity: 0; +} + +.c2 .timelines__hoverActionButton:focus, +.c2 .securitySolution__hoverActionButton:focus { + opacity: 1; +} + +
+
+
+
+
+
+
+
+ + + - - - - - - - - - - - - - - -
+
-
-
- Risk Score -
-
+ +
-
-
-
-
- 21 -
-
-
-
-
-

- You are in a dialog, containing options for field kibana.alert.risk_score. Press tab to navigate options. Press escape to exit. -

-
- Filter button -
-
- Filter out button -
-
- Overflow button -
-
-
-
-
-
-
- host.name -
-
-
-
-
-
-
- windows-native -
-
-
-
-
-

- You are in a dialog, containing options for field host.name. Press tab to navigate options. Press escape to exit. -

-
- Filter button -
-
- Filter out button -
-
- Overflow button -
-
-
-
-
-
-
- user.name -
-
-
-
-
-
-
- administrator -
-
-
-
-
-

- You are in a dialog, containing options for field user.name. Press tab to navigate options. Press escape to exit. -

-
- Filter button -
-
- Filter out button -
-
- Overflow button -
-
-
-
-
-
-
- source.ip -
-
-
-
-
-
- - - -
-
-
-
-

- You are in a dialog, containing options for field source.ip. Press tab to navigate options. Press escape to exit. -

-
- Filter button -
-
- Filter out button -
-
- Overflow button -
-
-
-
-
-
-
-`; - -exports[`AlertSummaryView Memory event code renders additional summary rows 1`] = ` -.c0 .euiTableHeaderCell, -.c0 .euiTableRowCell { - border: none; -} - -.c0 .euiTableHeaderCell .euiTableCellContent { - padding: 0; -} - -.c0 .flyoutOverviewDescription .hoverActions-active .timelines__hoverActionButton, -.c0 .flyoutOverviewDescription .hoverActions-active .securitySolution__hoverActionButton { - opacity: 1; -} - -.c0 .flyoutOverviewDescription:hover .timelines__hoverActionButton, -.c0 .flyoutOverviewDescription:hover .securitySolution__hoverActionButton { - opacity: 1; -} - -.c1 { - line-height: 1.7rem; -} - -.c2 { - min-width: 138px; - padding: 0 8px; - display: -webkit-box; - display: -webkit-flex; - display: -ms-flexbox; - display: flex; -} - -.c2:focus-within .timelines__hoverActionButton, -.c2:focus-within .securitySolution__hoverActionButton { - opacity: 1; -} - -.c2:hover .timelines__hoverActionButton, -.c2:hover .securitySolution__hoverActionButton { - opacity: 1; -} - -.c2 .timelines__hoverActionButton, -.c2 .securitySolution__hoverActionButton { - opacity: 0; -} - -.c2 .timelines__hoverActionButton:focus, -.c2 .securitySolution__hoverActionButton:focus { - opacity: 1; -} - -
-
-
-
-
-
-
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - + +
-
- - - - - - - -
-
-
- Status -
-
-
-
-
-
-
- open -
-
-
-
-
-

- You are in a dialog, containing options for field kibana.alert.workflow_status. Press tab to navigate options. Press escape to exit. -

-
- Filter button -
-
- Filter out button -
-
- Overflow button -
-
-
-
-
-
-
- Timestamp -
-
-
-
-
-
- - Nov 25, 2020 @ 15:42:39.417 - -
-
-
-
-

- You are in a dialog, containing options for field @timestamp. Press tab to navigate options. Press escape to exit. -

-
- Filter button -
-
- Filter out button -
-
- Overflow button -
-
-
-
-
-
-
- Rule -
-
-
-
-
-
-
- xxx -
-
-
-
-
-

- You are in a dialog, containing options for field kibana.alert.rule.name. Press tab to navigate options. Press escape to exit. -

-
- Filter button -
-
- Filter out button -
-
- Overflow button -
-
-
-
-
-
-
- Severity -
-
-
-
-
-
-
- low -
-
-
-
-
-

- You are in a dialog, containing options for field kibana.alert.severity. Press tab to navigate options. Press escape to exit. -

-
- Filter button -
-
- Filter out button -
-
- Overflow button -
-
-
-
-
-
-
- Risk Score -
-
-
-
-
-
-
- 21 -
-
-
-
-
-

- You are in a dialog, containing options for field kibana.alert.risk_score. Press tab to navigate options. Press escape to exit. -

-
- Filter button -
-
- Filter out button -
-
- Overflow button -
-
-
-
+ +
+
@@ -1177,8 +470,9 @@ exports[`AlertSummaryView Memory event code renders additional summary rows 1`]
+
@@ -1234,9 +528,10 @@ exports[`AlertSummaryView Memory event code renders additional summary rows 1`] class="euiTableRow" >
+
@@ -1248,8 +543,9 @@ exports[`AlertSummaryView Memory event code renders additional summary rows 1`]
+
@@ -1305,9 +601,10 @@ exports[`AlertSummaryView Memory event code renders additional summary rows 1`] class="euiTableRow" >
+
@@ -1319,8 +616,9 @@ exports[`AlertSummaryView Memory event code renders additional summary rows 1`]
+
diff --git a/x-pack/plugins/security_solution/public/common/components/event_details/alert_summary_view.test.tsx b/x-pack/plugins/security_solution/public/common/components/event_details/alert_summary_view.test.tsx index 7e1e71a01642f..135aa527eb7a1 100644 --- a/x-pack/plugins/security_solution/public/common/components/event_details/alert_summary_view.test.tsx +++ b/x-pack/plugins/security_solution/public/common/components/event_details/alert_summary_view.test.tsx @@ -83,7 +83,7 @@ describe('AlertSummaryView', () => { expect(queryByTestId('summary-view-guide')).not.toBeInTheDocument(); }); }); - test.skip('Memory event code renders additional summary rows', () => { + test('Memory event code renders additional summary rows', () => { const renderProps = { ...props, data: mockAlertDetailsData.map((item) => { @@ -105,7 +105,7 @@ describe('AlertSummaryView', () => { ); expect(container.querySelector('div[data-test-subj="summary-view"]')).toMatchSnapshot(); }); - test.skip('Behavior event code renders additional summary rows', () => { + test('Behavior event code renders additional summary rows', () => { const renderProps = { ...props, data: mockAlertDetailsData.map((item) => { diff --git a/x-pack/plugins/security_solution/public/detections/components/rules/step_about_rule/index.test.tsx b/x-pack/plugins/security_solution/public/detections/components/rules/step_about_rule/index.test.tsx index 01ba47f728e43..3c34897fe2e65 100644 --- a/x-pack/plugins/security_solution/public/detections/components/rules/step_about_rule/index.test.tsx +++ b/x-pack/plugins/security_solution/public/detections/components/rules/step_about_rule/index.test.tsx @@ -44,8 +44,7 @@ jest.mock('@elastic/eui', () => { }; }); -// Failing with rule registry enabled -describe.skip('StepAboutRuleComponent', () => { +describe('StepAboutRuleComponent', () => { let formHook: RuleStepsFormHooks[RuleStep.aboutRule] | null = null; const setFormHook = ( step: K, @@ -149,14 +148,19 @@ describe.skip('StepAboutRuleComponent', () => { ); + wrapper + .find('[data-test-subj="detectionEngineStepAboutRuleDescription"] textarea') + .first() + .simulate('change', { target: { value: 'Test description text' } }); + wrapper + .find('[data-test-subj="detectionEngineStepAboutRuleName"] input') + .first() + .simulate('change', { target: { value: 'Test name text' } }); + await act(async () => { if (!formHook) { throw new Error('Form hook not set, but tests depend on it'); } - wrapper - .find('[data-test-subj="detectionEngineStepAboutThreatIndicatorPath"] input') - .first() - .simulate('change', { target: { value: '' } }); const result = await formHook(); expect(result?.isValid).toEqual(true); diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/add_prepackaged_rules_route.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/add_prepackaged_rules_route.test.ts index a094ea84e9bf1..3ec8cb733aa28 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/add_prepackaged_rules_route.test.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/add_prepackaged_rules_route.test.ts @@ -11,7 +11,6 @@ import { getFindResultWithSingleHit, getAlertMock, getBasicEmptySearchResponse, - getBasicNoShardsSearchResponse, } from '../__mocks__/request_responses'; import { configMock, requestContextMock, serverMock } from '../__mocks__'; import { AddPrepackagedRulesSchemaDecoded } from '../../../../../common/detection_engine/schemas/request/add_prepackaged_rules_schema'; @@ -71,15 +70,10 @@ jest.mock('../../../timeline/routes/prepackaged_timelines/install_prepackaged_ti }; }); -// Failing with rule registry enabled -describe.skip.each([ - ['Legacy', false], - ['RAC', true], -])('add_prepackaged_rules_route - %s', (_, isRuleRegistryEnabled) => { +describe('add_prepackaged_rules_route', () => { let server: ReturnType; let { clients, context } = requestContextMock.createTools(); let mockExceptionsClient: ExceptionListClient; - const testif = isRuleRegistryEnabled ? test.skip : test; const defaultConfig = context.securitySolution.getConfig(); beforeEach(() => { @@ -88,13 +82,11 @@ describe.skip.each([ mockExceptionsClient = listMock.getExceptionListClient(); context.securitySolution.getConfig.mockImplementation(() => - configMock.withRuleRegistryEnabled(defaultConfig, isRuleRegistryEnabled) + configMock.withRuleRegistryEnabled(defaultConfig, true) ); - clients.rulesClient.find.mockResolvedValue(getFindResultWithSingleHit(isRuleRegistryEnabled)); - clients.rulesClient.update.mockResolvedValue( - getAlertMock(isRuleRegistryEnabled, getQueryRuleParams()) - ); + clients.rulesClient.find.mockResolvedValue(getFindResultWithSingleHit(true)); + clients.rulesClient.update.mockResolvedValue(getAlertMock(true, getQueryRuleParams())); (installPrepackagedTimelines as jest.Mock).mockReset(); (installPrepackagedTimelines as jest.Mock).mockResolvedValue({ @@ -131,26 +123,6 @@ describe.skip.each([ }); }); - test('it returns a 400 if the index does not exist when rule registry not enabled', async () => { - const request = addPrepackagedRulesRequest(); - context.core.elasticsearch.client.asCurrentUser.search.mockResolvedValueOnce( - elasticsearchClientMock.createSuccessTransportRequestPromise( - getBasicNoShardsSearchResponse() - ) - ); - const response = await server.inject(request, context); - - expect(response.status).toEqual(isRuleRegistryEnabled ? 200 : 400); - if (!isRuleRegistryEnabled) { - expect(response.body).toEqual({ - status_code: 400, - message: expect.stringContaining( - 'Pre-packaged rules cannot be installed until the signals index is created' - ), - }); - } - }); - test('returns 404 if siem client is unavailable', async () => { const { securitySolution, ...contextWithoutSecuritySolution } = context; const response = await server.inject( @@ -190,20 +162,6 @@ describe.skip.each([ timelines_updated: 0, }); }); - - testif( - 'catches errors if signals index does not exist when rule registry not enabled', - async () => { - context.core.elasticsearch.client.asCurrentUser.search.mockResolvedValue( - elasticsearchClientMock.createErrorTransportRequestPromise(new Error('Test error')) - ); - const request = addPrepackagedRulesRequest(); - const response = await server.inject(request, context); - - expect(response.status).toEqual(500); - expect(response.body).toEqual({ message: 'Test error', status_code: 500 }); - } - ); }); test('should install prepackaged timelines', async () => { diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/update_rules.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/update_rules.test.ts index 79371aa6e68b6..ecf625ceaee17 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/update_rules.test.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/update_rules.test.ts @@ -12,18 +12,12 @@ import { RulesClientMock } from '../../../../../alerting/server/rules_client.moc import { getMlRuleParams, getQueryRuleParams } from '../schemas/rule_schemas.mock'; // Failing with rule registry enabled -describe.skip.each([ - ['Legacy', false], - ['RAC', true], -])('updateRules - %s', (_, isRuleRegistryEnabled) => { +describe('updateRules', () => { it('should call rulesClient.disable if the rule was enabled and enabled is false', async () => { - const rulesOptionsMock = getUpdateRulesOptionsMock(isRuleRegistryEnabled); + const rulesOptionsMock = getUpdateRulesOptionsMock(true); rulesOptionsMock.ruleUpdate.enabled = false; - (rulesOptionsMock.rulesClient as unknown as RulesClientMock).resolve.mockResolvedValue( - resolveAlertMock(isRuleRegistryEnabled, getQueryRuleParams()) - ); (rulesOptionsMock.rulesClient as unknown as RulesClientMock).update.mockResolvedValue( - getAlertMock(isRuleRegistryEnabled, getQueryRuleParams()) + getAlertMock(true, getQueryRuleParams()) ); await updateRules(rulesOptionsMock); @@ -36,15 +30,18 @@ describe.skip.each([ }); it('should call rulesClient.enable if the rule was disabled and enabled is true', async () => { - const rulesOptionsMock = getUpdateRulesOptionsMock(isRuleRegistryEnabled); + const baseRulesOptionsMock = getUpdateRulesOptionsMock(true); + const rulesOptionsMock = { + ...baseRulesOptionsMock, + existingRule: { + ...baseRulesOptionsMock.existingRule, + enabled: false, + }, + }; rulesOptionsMock.ruleUpdate.enabled = true; - (rulesOptionsMock.rulesClient as unknown as RulesClientMock).resolve.mockResolvedValue({ - ...resolveAlertMock(isRuleRegistryEnabled, getQueryRuleParams()), - enabled: false, - }); (rulesOptionsMock.rulesClient as unknown as RulesClientMock).update.mockResolvedValue( - getAlertMock(isRuleRegistryEnabled, getQueryRuleParams()) + getAlertMock(true, getQueryRuleParams()) ); await updateRules(rulesOptionsMock); @@ -57,15 +54,15 @@ describe.skip.each([ }); it('calls the rulesClient with params', async () => { - const rulesOptionsMock = getUpdateMlRulesOptionsMock(isRuleRegistryEnabled); + const rulesOptionsMock = getUpdateMlRulesOptionsMock(true); rulesOptionsMock.ruleUpdate.enabled = true; (rulesOptionsMock.rulesClient as unknown as RulesClientMock).update.mockResolvedValue( - getAlertMock(isRuleRegistryEnabled, getMlRuleParams()) + getAlertMock(true, getMlRuleParams()) ); (rulesOptionsMock.rulesClient as unknown as RulesClientMock).resolve.mockResolvedValue( - resolveAlertMock(isRuleRegistryEnabled, getMlRuleParams()) + resolveAlertMock(true, getMlRuleParams()) ); await updateRules(rulesOptionsMock);