diff --git a/.buildkite/ftr_configs.yml b/.buildkite/ftr_configs.yml index 26e8d3855bf7b..c5028cd30ea29 100644 --- a/.buildkite/ftr_configs.yml +++ b/.buildkite/ftr_configs.yml @@ -225,7 +225,6 @@ enabled: - x-pack/test/detection_engine_api_integration/security_and_spaces/group1/config.ts - x-pack/test/detection_engine_api_integration/security_and_spaces/group4/config.ts - x-pack/test/detection_engine_api_integration/security_and_spaces/group5/config.ts - - x-pack/test/detection_engine_api_integration/security_and_spaces/group6/config.ts - x-pack/test/detection_engine_api_integration/security_and_spaces/group10/config.ts - x-pack/test/detection_engine_api_integration/security_and_spaces/rule_execution_logic/config.ts - x-pack/test/detection_engine_api_integration/security_and_spaces/prebuilt_rules/config.ts @@ -461,6 +460,8 @@ enabled: - x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation/configs/ess.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/actions/configs/serverless.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/actions/configs/ess.config.ts + - x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts/configs/serverless.config.ts + - x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts/configs/ess.config.ts diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 78da2a39baf10..1dc3be1a66d6d 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1312,8 +1312,10 @@ x-pack/plugins/cloud_integrations/cloud_full_story/server/config.ts @elastic/kib /x-pack/test/security_solution_cypress/cypress/e2e/entity_analytics @elastic/security-detection-engine /x-pack/test/security_solution_cypress/cypress/e2e/exceptions @elastic/security-detection-engine /x-pack/test/security_solution_cypress/cypress/e2e/overview @elastic/security-detection-engine -x-pack/test/security_solution_api_integration/test_suites/detections_response/exceptions @elastic/security-detection-engine -x-pack/test/security_solution_api_integration/test_suites/detections_response/rule_creation @elastic/security-detection-engine +x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions @elastic/security-detection-engine +x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation @elastic/security-detection-engine +x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/actions @elastic/security-detection-engine +x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts @elastic/security-detection-engine ## Security Threat Intelligence - Under Security Platform /x-pack/plugins/security_solution/public/common/components/threat_match @elastic/security-detection-engine diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/find_rule_exception_references.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/find_rule_exception_references.ts deleted file mode 100644 index dc63651aafc14..0000000000000 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/find_rule_exception_references.ts +++ /dev/null @@ -1,230 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -/* eslint-disable @typescript-eslint/naming-convention */ - -import expect from '@kbn/expect'; - -import { - CreateExceptionListSchema, - ExceptionListTypeEnum, -} from '@kbn/securitysolution-io-ts-list-types'; - -import { getCreateExceptionListMinimalSchemaMock } from '@kbn/lists-plugin/common/schemas/request/create_exception_list_schema.mock'; -import { - DETECTION_ENGINE_RULES_EXCEPTIONS_REFERENCE_URL, - RuleReferencesSchema, -} from '@kbn/security-solution-plugin/common/api/detection_engine/rule_exceptions'; - -import { FtrProviderContext } from '../../common/ftr_provider_context'; -import { - createRule, - getSimpleRule, - createSignalsIndex, - deleteAllAlerts, - deleteAllRules, - createExceptionList, -} from '../../utils'; -import { deleteAllExceptions } from '../../../lists_api_integration/utils'; - -// eslint-disable-next-line import/no-default-export -export default ({ getService }: FtrProviderContext) => { - const supertest = getService('supertest'); - const log = getService('log'); - const es = getService('es'); - - describe('find_rule_exception_references', () => { - before(async () => { - await createSignalsIndex(supertest, log); - }); - - after(async () => { - await deleteAllAlerts(supertest, log, es); - await deleteAllRules(supertest, log); - }); - - afterEach(async () => { - await deleteAllExceptions(supertest, log); - }); - - it('returns empty array per list_id if no references are found', async () => { - // create exception list - const newExceptionList: CreateExceptionListSchema = { - ...getCreateExceptionListMinimalSchemaMock(), - list_id: 'i_exist', - namespace_type: 'single', - type: ExceptionListTypeEnum.DETECTION, - }; - const exceptionList = await createExceptionList(supertest, log, newExceptionList); - - // create rule - await createRule(supertest, log, getSimpleRule('rule-1')); - - const { body: references } = await supertest - .get(DETECTION_ENGINE_RULES_EXCEPTIONS_REFERENCE_URL) - .set('kbn-xsrf', 'true') - .set('elastic-api-version', '1') - .query({ - ids: `${exceptionList.id}`, - list_ids: `${exceptionList.list_id}`, - namespace_types: `${exceptionList.namespace_type}`, - }) - .expect(200); - - const { - _version, - id, - created_at, - created_by, - tie_breaker_id, - updated_at, - updated_by, - ...referencesWithoutServerValues - } = references.references[0].i_exist; - - expect({ - references: [ - { - i_exist: { - ...referencesWithoutServerValues, - }, - }, - ], - }).to.eql({ - references: [ - { - i_exist: { - description: 'some description', - immutable: false, - list_id: 'i_exist', - name: 'some name', - namespace_type: 'single', - os_types: [], - tags: [], - type: 'detection', - version: 1, - referenced_rules: [], - }, - }, - ], - }); - }); - - it('returns empty array per list_id if list does not exist', async () => { - // create rule - await createRule(supertest, log, getSimpleRule('rule-1')); - - const { body: references } = await supertest - .get(DETECTION_ENGINE_RULES_EXCEPTIONS_REFERENCE_URL) - .set('kbn-xsrf', 'true') - .set('elastic-api-version', '1') - .query({ - ids: `1234`, - list_ids: `i_dont_exist`, - namespace_types: `single`, - }) - .expect(200); - - expect(references).to.eql({ references: [] }); - }); - - it('returns found references', async () => { - // create exception list - const newExceptionList: CreateExceptionListSchema = { - ...getCreateExceptionListMinimalSchemaMock(), - list_id: 'i_exist', - namespace_type: 'single', - type: ExceptionListTypeEnum.DETECTION, - }; - const exceptionList = await createExceptionList(supertest, log, newExceptionList); - const exceptionList2 = await createExceptionList(supertest, log, { - ...newExceptionList, - list_id: 'i_exist_2', - }); - - // create rule - await createRule(supertest, log, { - ...getSimpleRule('rule-2'), - exceptions_list: [ - { - id: `${exceptionList.id}`, - list_id: `${exceptionList.list_id}`, - namespace_type: `${exceptionList.namespace_type}`, - type: `${exceptionList.type}`, - }, - { - id: `${exceptionList2.id}`, - list_id: `${exceptionList2.list_id}`, - namespace_type: `${exceptionList2.namespace_type}`, - type: `${exceptionList2.type}`, - }, - ], - }); - - const { body: references } = await supertest - .get(DETECTION_ENGINE_RULES_EXCEPTIONS_REFERENCE_URL) - .set('kbn-xsrf', 'true') - .set('elastic-api-version', '1') - .query({ - ids: `${exceptionList.id},${exceptionList2.id}`, - list_ids: `${exceptionList.list_id},${exceptionList2.list_id}`, - namespace_types: `${exceptionList.namespace_type},${exceptionList2.namespace_type}`, - }) - .expect(200); - - const refs = references.references.flatMap((ref: RuleReferencesSchema) => Object.keys(ref)); - - expect(refs.sort()).to.eql(['i_exist', 'i_exist_2'].sort()); - }); - - it('returns found references for all existing exception lists if no list id/list_id passed in', async () => { - // create exception list - const newExceptionList: CreateExceptionListSchema = { - ...getCreateExceptionListMinimalSchemaMock(), - list_id: 'i_exist', - namespace_type: 'single', - type: ExceptionListTypeEnum.DETECTION, - }; - const exceptionList = await createExceptionList(supertest, log, newExceptionList); - const exceptionList2 = await createExceptionList(supertest, log, { - ...newExceptionList, - list_id: 'i_exist_2', - }); - - // create rule - await createRule(supertest, log, { - ...getSimpleRule('rule-2'), - exceptions_list: [ - { - id: `${exceptionList.id}`, - list_id: `${exceptionList.list_id}`, - namespace_type: `${exceptionList.namespace_type}`, - type: `${exceptionList.type}`, - }, - { - id: `${exceptionList2.id}`, - list_id: `${exceptionList2.list_id}`, - namespace_type: `${exceptionList2.namespace_type}`, - type: `${exceptionList2.type}`, - }, - ], - }); - - const { body: references } = await supertest - .get(DETECTION_ENGINE_RULES_EXCEPTIONS_REFERENCE_URL) - .set('kbn-xsrf', 'true') - .set('elastic-api-version', '1') - .query({ - namespace_types: 'single,agnostic', - }) - .expect(200); - - const refs = references.references.flatMap((ref: RuleReferencesSchema) => Object.keys(ref)); - expect(refs.sort()).to.eql(['i_exist', 'i_exist_2', 'endpoint_list'].sort()); - }); - }); -}; diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/index.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/index.ts index 94ba07b31bddf..44d912f3271c6 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/index.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/index.ts @@ -14,15 +14,12 @@ export default ({ loadTestFile }: FtrProviderContext): void => { // action migration code. We are monitoring legacy action telemetry to clean up once we see their // existence being near 0. - loadTestFile(require.resolve('./aliases')); loadTestFile(require.resolve('./check_privileges')); - loadTestFile(require.resolve('./create_index')); loadTestFile(require.resolve('./create_rules_bulk')); loadTestFile(require.resolve('./delete_rules')); loadTestFile(require.resolve('./delete_rules_bulk')); loadTestFile(require.resolve('./export_rules')); loadTestFile(require.resolve('./find_rules')); - loadTestFile(require.resolve('./find_rule_exception_references')); loadTestFile(require.resolve('./get_rule_management_filters')); }); }; diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/index.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/index.ts index 7822d11698c95..350ac868ac90e 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/index.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/index.ts @@ -26,11 +26,6 @@ export default ({ loadTestFile }: FtrProviderContext): void => { loadTestFile(require.resolve('./perform_bulk_action_dry_run')); loadTestFile(require.resolve('./patch_rules')); loadTestFile(require.resolve('./read_privileges')); - loadTestFile(require.resolve('./open_close_signals')); - loadTestFile(require.resolve('./get_signals_migration_status')); - loadTestFile(require.resolve('./create_signals_migrations')); - loadTestFile(require.resolve('./finalize_signals_migrations')); - loadTestFile(require.resolve('./delete_signals_migrations')); loadTestFile(require.resolve('./timestamps')); loadTestFile(require.resolve('./runtime')); loadTestFile(require.resolve('./throttle')); @@ -40,6 +35,5 @@ export default ({ loadTestFile }: FtrProviderContext): void => { loadTestFile(require.resolve('./risk_engine/risk_score_calculation')); loadTestFile(require.resolve('./risk_engine/risk_scoring_task_execution')); loadTestFile(require.resolve('./risk_engine/telemetry_usage')); - loadTestFile(require.resolve('./set_alert_tags')); }); }; diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group6/alerts/index.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group6/alerts/index.ts deleted file mode 100644 index 320650a4c79e3..0000000000000 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group6/alerts/index.ts +++ /dev/null @@ -1,15 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { FtrProviderContext } from '../../../common/ftr_provider_context'; - -// eslint-disable-next-line import/no-default-export -export default ({ loadTestFile }: FtrProviderContext): void => { - describe('Detection engine signals/alerts compatibility', function () { - loadTestFile(require.resolve('./alerts_compatibility')); - }); -}; diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group6/index.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group6/index.ts deleted file mode 100644 index 92c235e95c0e4..0000000000000 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group6/index.ts +++ /dev/null @@ -1,15 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { FtrProviderContext } from '../../common/ftr_provider_context'; - -// eslint-disable-next-line import/no-default-export -export default ({ loadTestFile }: FtrProviderContext): void => { - describe('detection engine api security and spaces enabled - Group 6', function () { - loadTestFile(require.resolve('./alerts')); - }); -}; diff --git a/x-pack/test/detection_engine_api_integration/utils/index.ts b/x-pack/test/detection_engine_api_integration/utils/index.ts index 5aca507b7134f..432923baefb1d 100644 --- a/x-pack/test/detection_engine_api_integration/utils/index.ts +++ b/x-pack/test/detection_engine_api_integration/utils/index.ts @@ -25,7 +25,6 @@ export * from './delete_all_rule_execution_info'; export * from './delete_all_alerts'; export * from './delete_all_timelines'; export * from './delete_exception_list'; -export * from './delete_migrations'; export * from './delete_rule'; export * from './downgrade_immutable_rule'; export * from './finalize_signals_migration'; @@ -35,14 +34,12 @@ export * from './get_complex_rule_output'; export * from './get_detection_metrics_from_body'; export * from './get_eql_rule_for_signal_testing'; export * from './get_event_log_execute_complete_by_id'; -export * from './get_index_name_from_load'; export * from './get_legacy_action_notification_so'; export * from './get_open_signals'; export * from './get_preview_alerts'; export * from './get_query_all_signals'; -export * from './get_query_signal_ids'; -export * from './get_query_signals_ids'; export * from './get_query_signals_rule_id'; +export * from './get_query_signal_ids'; export * from './get_rule'; export * from './get_rules_as_ndjson'; export * from './get_rule_for_signal_testing'; @@ -53,7 +50,6 @@ export * from './get_rule_with_legacy_investigation_fields'; export * from './get_saved_query_rule_for_signal_testing'; export * from './get_security_telemetry_stats'; export * from './get_signal_status'; -export * from './get_signal_status_empty_response'; export * from './get_signals_by_id'; export * from './get_signals_by_ids'; export * from './get_signals_by_rule_ids'; @@ -93,7 +89,6 @@ export * from './update_rule'; export * from './wait_for'; export * from './wait_for_alert_to_complete'; export * from './wait_for_event_log_execute_complete'; -export * from './wait_for_index_to_populate'; export * from './wait_for_rule_status'; export * from './wait_for_signals_to_be_present'; export * from './prebuilt_rules/create_prebuilt_rule_saved_objects'; diff --git a/x-pack/test/security_solution_api_integration/package.json b/x-pack/test/security_solution_api_integration/package.json index d431f6c0ebed6..24696f0c00bf0 100644 --- a/x-pack/test/security_solution_api_integration/package.json +++ b/x-pack/test/security_solution_api_integration/package.json @@ -36,6 +36,11 @@ "actions:runner:serverless": "npm run run-tests:dr:default actions serverless serverlessEnv", "actions:qa:serverless": "npm run run-tests:dr:default actions serverless qaEnv", "actions:server:ess": "npm run initialize-server:dr:default actions ess", - "actions:runner:ess": "npm run run-tests:dr:default actions ess essEnv" + "actions:runner:ess": "npm run run-tests:dr:default actions ess essEnv", + "alerts:server:serverless": "npm run initialize-server:dr:default alerts serverless", + "alerts:runner:serverless": "npm run run-tests:dr:default alerts serverless serverlessEnv", + "alerts:qa:serverless": "npm run run-tests:dr:default alerts serverless qaEnv", + "alerts:server:ess": "npm run initialize-server:dr:default alerts ess", + "alerts:runner:ess": "npm run run-tests:dr:default alerts ess essEnv" } } diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group6/alerts/alerts_compatibility.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts/alerts_compatibility.ts similarity index 89% rename from x-pack/test/detection_engine_api_integration/security_and_spaces/group6/alerts/alerts_compatibility.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts/alerts_compatibility.ts index 9e7b6265a2b9f..9e4a9d05771d1 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group6/alerts/alerts_compatibility.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts/alerts_compatibility.ts @@ -22,32 +22,31 @@ import { } from '@kbn/security-solution-plugin/common/api/detection_engine'; import { createRule, - createSignalsIndex, + createAlertsIndex, deleteAllRules, deleteAllAlerts, - finalizeSignalsMigration, - getEqlRuleForSignalTesting, - getRuleForSignalTesting, - getSavedQueryRuleForSignalTesting, - getSignalsByIds, - getThreatMatchRuleForSignalTesting, - getThresholdRuleForSignalTesting, - startSignalsMigration, + finalizeAlertsMigration, + getEqlRuleForAlertTesting, + getRuleForAlertTesting, + getSavedQueryRuleForAlertTesting, + getAlertsByIds, + getThreatMatchRuleForAlertTesting, + getThresholdRuleForAlertTesting, + startAlertsMigration, waitFor, waitForRuleSuccess, - waitForSignalsToBePresent, -} from '../../../utils'; -import { FtrProviderContext } from '../../../common/ftr_provider_context'; -import { removeRandomValuedProperties } from '../../rule_execution_logic/utils'; + waitForAlertsToBePresent, + removeRandomValuedProperties, +} from '../../utils'; +import { FtrProviderContext } from '../../../../ftr_provider_context'; -// eslint-disable-next-line import/no-default-export export default ({ getService }: FtrProviderContext) => { const esArchiver = getService('esArchiver'); const log = getService('log'); const supertest = getService('supertest'); const es = getService('es'); - describe('Alerts Compatibility', function () { + describe('@ess Alerts Compatibility', function () { describe('CTI', () => { const expectedDomain = 'elastic.local'; const expectedProvider = 'provider1'; @@ -63,7 +62,7 @@ export default ({ getService }: FtrProviderContext) => { await esArchiver.load( 'x-pack/test/functional/es_archives/security_solution/legacy_cti_signals' ); - await createSignalsIndex(supertest, log); + await createAlertsIndex(supertest, log); }); afterEach(async () => { @@ -124,14 +123,14 @@ export default ({ getService }: FtrProviderContext) => { expect(indices.length).to.eql(1); expect(indices[0].is_outdated).to.eql(true); - const [migration] = await startSignalsMigration({ + const [migration] = await startAlertsMigration({ indices: [indices[0].index], supertest, log, }); await waitFor( async () => { - const [{ completed }] = await finalizeSignalsMigration({ + const [{ completed }] = await finalizeAlertsMigration({ migrationIds: [migration.migration_id], supertest, log, @@ -183,26 +182,26 @@ export default ({ getService }: FtrProviderContext) => { }); it('should generate a signal-on-legacy-signal with legacy index pattern', async () => { - const rule: ThreatMatchRuleCreateProps = getThreatMatchRuleForSignalTesting([ + const rule: ThreatMatchRuleCreateProps = getThreatMatchRuleForAlertTesting([ '.siem-signals-*', ]); const { id } = await createRule(supertest, log, rule); await waitForRuleSuccess({ supertest, log, id }); - await waitForSignalsToBePresent(supertest, log, 1, [id]); - const signalsOpen = await getSignalsByIds(supertest, log, [id]); + await waitForAlertsToBePresent(supertest, log, 1, [id]); + const signalsOpen = await getAlertsByIds(supertest, log, [id]); expect(signalsOpen.hits.hits.length).greaterThan(0); const hit = signalsOpen.hits.hits[0]; expect(hit._source?.kibana).to.eql(undefined); }); it('should generate a signal-on-legacy-signal with AAD index pattern', async () => { - const rule: ThreatMatchRuleCreateProps = getThreatMatchRuleForSignalTesting([ + const rule: ThreatMatchRuleCreateProps = getThreatMatchRuleForAlertTesting([ `.alerts-security.alerts-default`, ]); const { id } = await createRule(supertest, log, rule); await waitForRuleSuccess({ supertest, log, id }); - await waitForSignalsToBePresent(supertest, log, 1, [id]); - const signalsOpen = await getSignalsByIds(supertest, log, [id]); + await waitForAlertsToBePresent(supertest, log, 1, [id]); + const signalsOpen = await getAlertsByIds(supertest, log, [id]); expect(signalsOpen.hits.hits.length).greaterThan(0); const hit = signalsOpen.hits.hits[0]; expect(hit._source?.kibana).to.eql(undefined); @@ -212,7 +211,7 @@ export default ({ getService }: FtrProviderContext) => { describe('Query', () => { beforeEach(async () => { await esArchiver.load('x-pack/test/functional/es_archives/security_solution/alerts/7.16.0'); - await createSignalsIndex(supertest, log); + await createAlertsIndex(supertest, log); }); afterEach(async () => { @@ -224,11 +223,11 @@ export default ({ getService }: FtrProviderContext) => { }); it('should generate a signal-on-legacy-signal with legacy index pattern', async () => { - const rule: QueryRuleCreateProps = getRuleForSignalTesting([`.siem-signals-*`]); + const rule: QueryRuleCreateProps = getRuleForAlertTesting([`.siem-signals-*`]); const { id } = await createRule(supertest, log, rule); await waitForRuleSuccess({ supertest, log, id }); - await waitForSignalsToBePresent(supertest, log, 1, [id]); - const signalsOpen = await getSignalsByIds(supertest, log, [id]); + await waitForAlertsToBePresent(supertest, log, 1, [id]); + const signalsOpen = await getAlertsByIds(supertest, log, [id]); expect(signalsOpen.hits.hits.length).greaterThan(0); const hit = signalsOpen.hits.hits[0]; expect(hit._source?.kibana).to.eql(undefined); @@ -384,13 +383,13 @@ export default ({ getService }: FtrProviderContext) => { }); it('should generate a signal-on-legacy-signal with AAD index pattern', async () => { - const rule: QueryRuleCreateProps = getRuleForSignalTesting([ + const rule: QueryRuleCreateProps = getRuleForAlertTesting([ `.alerts-security.alerts-default`, ]); const { id } = await createRule(supertest, log, rule); await waitForRuleSuccess({ supertest, log, id }); - await waitForSignalsToBePresent(supertest, log, 1, [id]); - const signalsOpen = await getSignalsByIds(supertest, log, [id]); + await waitForAlertsToBePresent(supertest, log, 1, [id]); + const signalsOpen = await getAlertsByIds(supertest, log, [id]); expect(signalsOpen.hits.hits.length).greaterThan(0); const hit = signalsOpen.hits.hits[0]; expect(hit._source?.kibana).to.eql(undefined); @@ -549,7 +548,7 @@ export default ({ getService }: FtrProviderContext) => { describe('Saved Query', () => { beforeEach(async () => { await esArchiver.load('x-pack/test/functional/es_archives/security_solution/alerts/7.16.0'); - await createSignalsIndex(supertest, log); + await createAlertsIndex(supertest, log); }); afterEach(async () => { @@ -562,13 +561,13 @@ export default ({ getService }: FtrProviderContext) => { it('should generate a signal-on-legacy-signal with legacy index pattern', async () => { const rule: SavedQueryRuleCreateProps = { - ...getSavedQueryRuleForSignalTesting([`.siem-signals-*`]), + ...getSavedQueryRuleForAlertTesting([`.siem-signals-*`]), query: 'agent.name: "security-linux-1.example.dev"', }; const { id } = await createRule(supertest, log, rule); await waitForRuleSuccess({ supertest, log, id }); - await waitForSignalsToBePresent(supertest, log, 1, [id]); - const signalsOpen = await getSignalsByIds(supertest, log, [id]); + await waitForAlertsToBePresent(supertest, log, 1, [id]); + const signalsOpen = await getAlertsByIds(supertest, log, [id]); expect(signalsOpen.hits.hits.length).greaterThan(0); const hit = signalsOpen.hits.hits[0]; expect(hit._source?.kibana).to.eql(undefined); @@ -576,13 +575,13 @@ export default ({ getService }: FtrProviderContext) => { it('should generate a signal-on-legacy-signal with AAD index pattern', async () => { const rule: SavedQueryRuleCreateProps = { - ...getSavedQueryRuleForSignalTesting([`.alerts-security.alerts-default`]), + ...getSavedQueryRuleForAlertTesting([`.alerts-security.alerts-default`]), query: 'agent.name: "security-linux-1.example.dev"', }; const { id } = await createRule(supertest, log, rule); await waitForRuleSuccess({ supertest, log, id }); - await waitForSignalsToBePresent(supertest, log, 1, [id]); - const signalsOpen = await getSignalsByIds(supertest, log, [id]); + await waitForAlertsToBePresent(supertest, log, 1, [id]); + const signalsOpen = await getAlertsByIds(supertest, log, [id]); expect(signalsOpen.hits.hits.length).greaterThan(0); const hit = signalsOpen.hits.hits[0]; expect(hit._source?.kibana).to.eql(undefined); @@ -592,7 +591,7 @@ export default ({ getService }: FtrProviderContext) => { describe('EQL', () => { beforeEach(async () => { await esArchiver.load('x-pack/test/functional/es_archives/security_solution/alerts/7.16.0'); - await createSignalsIndex(supertest, log); + await createAlertsIndex(supertest, log); }); afterEach(async () => { @@ -605,13 +604,13 @@ export default ({ getService }: FtrProviderContext) => { it('should generate a signal-on-legacy-signal with legacy index pattern', async () => { const rule: EqlRuleCreateProps = { - ...getEqlRuleForSignalTesting(['.siem-signals-*']), + ...getEqlRuleForAlertTesting(['.siem-signals-*']), query: 'any where agent.name == "security-linux-1.example.dev"', }; const { id } = await createRule(supertest, log, rule); await waitForRuleSuccess({ supertest, log, id }); - await waitForSignalsToBePresent(supertest, log, 1, [id]); - const signalsOpen = await getSignalsByIds(supertest, log, [id]); + await waitForAlertsToBePresent(supertest, log, 1, [id]); + const signalsOpen = await getAlertsByIds(supertest, log, [id]); expect(signalsOpen.hits.hits.length).greaterThan(0); const hit = signalsOpen.hits.hits[0]; expect(hit._source?.kibana).to.eql(undefined); @@ -619,13 +618,13 @@ export default ({ getService }: FtrProviderContext) => { it('should generate a signal-on-legacy-signal with AAD index pattern', async () => { const rule: EqlRuleCreateProps = { - ...getEqlRuleForSignalTesting([`.alerts-security.alerts-default`]), + ...getEqlRuleForAlertTesting([`.alerts-security.alerts-default`]), query: 'any where agent.name == "security-linux-1.example.dev"', }; const { id } = await createRule(supertest, log, rule); await waitForRuleSuccess({ supertest, log, id }); - await waitForSignalsToBePresent(supertest, log, 1, [id]); - const signalsOpen = await getSignalsByIds(supertest, log, [id]); + await waitForAlertsToBePresent(supertest, log, 1, [id]); + const signalsOpen = await getAlertsByIds(supertest, log, [id]); expect(signalsOpen.hits.hits.length).greaterThan(0); const hit = signalsOpen.hits.hits[0]; expect(hit._source?.kibana).to.eql(undefined); @@ -635,7 +634,7 @@ export default ({ getService }: FtrProviderContext) => { describe('Threshold', () => { beforeEach(async () => { await esArchiver.load('x-pack/test/functional/es_archives/security_solution/alerts/7.16.0'); - await createSignalsIndex(supertest, log); + await createAlertsIndex(supertest, log); }); afterEach(async () => { @@ -647,7 +646,7 @@ export default ({ getService }: FtrProviderContext) => { }); it('should generate a signal-on-legacy-signal with legacy index pattern', async () => { - const baseRule: ThresholdRuleCreateProps = getThresholdRuleForSignalTesting([ + const baseRule: ThresholdRuleCreateProps = getThresholdRuleForAlertTesting([ '.siem-signals-*', ]); const rule: ThresholdRuleCreateProps = { @@ -660,15 +659,15 @@ export default ({ getService }: FtrProviderContext) => { }; const { id } = await createRule(supertest, log, rule); await waitForRuleSuccess({ supertest, log, id }); - await waitForSignalsToBePresent(supertest, log, 1, [id]); - const signalsOpen = await getSignalsByIds(supertest, log, [id]); + await waitForAlertsToBePresent(supertest, log, 1, [id]); + const signalsOpen = await getAlertsByIds(supertest, log, [id]); expect(signalsOpen.hits.hits.length).greaterThan(0); const hit = signalsOpen.hits.hits[0]; expect(hit._source?.kibana).to.eql(undefined); }); it('should generate a signal-on-legacy-signal with AAD index pattern', async () => { - const baseRule: ThresholdRuleCreateProps = getThresholdRuleForSignalTesting([ + const baseRule: ThresholdRuleCreateProps = getThresholdRuleForAlertTesting([ `.alerts-security.alerts-default`, ]); const rule: ThresholdRuleCreateProps = { @@ -681,8 +680,8 @@ export default ({ getService }: FtrProviderContext) => { }; const { id } = await createRule(supertest, log, rule); await waitForRuleSuccess({ supertest, log, id }); - await waitForSignalsToBePresent(supertest, log, 1, [id]); - const signalsOpen = await getSignalsByIds(supertest, log, [id]); + await waitForAlertsToBePresent(supertest, log, 1, [id]); + const signalsOpen = await getAlertsByIds(supertest, log, [id]); expect(signalsOpen.hits.hits.length).greaterThan(0); const hit = signalsOpen.hits.hits[0]; expect(hit._source?.kibana).to.eql(undefined); diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/aliases.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts/aliases.ts similarity index 60% rename from x-pack/test/detection_engine_api_integration/security_and_spaces/group1/aliases.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts/aliases.ts index 34bed9e507c22..f62b2b62ebc5a 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/aliases.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts/aliases.ts @@ -7,19 +7,18 @@ import expect from '@kbn/expect'; -import { FtrProviderContext } from '../../common/ftr_provider_context'; import { createRule, - createSignalsIndex, + createAlertsIndex, deleteAllRules, deleteAllAlerts, - getRuleForSignalTesting, - getSignalsById, + getRuleForAlertTesting, + getAlertsById, waitForRuleSuccess, - waitForSignalsToBePresent, + waitForAlertsToBePresent, } from '../../utils'; +import { FtrProviderContext } from '../../../../ftr_provider_context'; -// eslint-disable-next-line import/no-default-export export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); const esArchiver = getService('esArchiver'); @@ -30,7 +29,7 @@ export default ({ getService }: FtrProviderContext) => { name: string; } - describe('Tests involving aliases of source indexes and the signals index', () => { + describe('@ess Tests involving aliases of source indexes and the alerts index', () => { before(async () => { await esArchiver.load('x-pack/test/functional/es_archives/security_solution/alias'); }); @@ -40,7 +39,7 @@ export default ({ getService }: FtrProviderContext) => { }); beforeEach(async () => { - await createSignalsIndex(supertest, log); + await createAlertsIndex(supertest, log); }); afterEach(async () => { @@ -49,25 +48,25 @@ export default ({ getService }: FtrProviderContext) => { }); it('should keep the original alias value such as "host_alias" from a source index when the value is indexed', async () => { - const rule = getRuleForSignalTesting(['host_alias']); + const rule = getRuleForAlertTesting(['host_alias']); const { id } = await createRule(supertest, log, rule); await waitForRuleSuccess({ supertest, log, id }); - await waitForSignalsToBePresent(supertest, log, 4, [id]); - const signalsOpen = await getSignalsById(supertest, log, id); - const hits = signalsOpen.hits.hits - .map((signal) => (signal._source?.host_alias as HostAlias).name) + await waitForAlertsToBePresent(supertest, log, 4, [id]); + const alertsOpen = await getAlertsById(supertest, log, id); + const hits = alertsOpen.hits.hits + .map((alert) => (alert._source?.host_alias as HostAlias).name) .sort(); expect(hits).to.eql(['host name 1', 'host name 2', 'host name 3', 'host name 4']); }); - it('should copy alias data from a source index into the signals index in the same position when the target is ECS compatible', async () => { - const rule = getRuleForSignalTesting(['host_alias']); + it('should copy alias data from a source index into the alerts index in the same position when the target is ECS compatible', async () => { + const rule = getRuleForAlertTesting(['host_alias']); const { id } = await createRule(supertest, log, rule); await waitForRuleSuccess({ supertest, log, id }); - await waitForSignalsToBePresent(supertest, log, 4, [id]); - const signalsOpen = await getSignalsById(supertest, log, id); - const hits = signalsOpen.hits.hits - .map((signal) => (signal._source?.host as HostAlias).name) + await waitForAlertsToBePresent(supertest, log, 4, [id]); + const alertsOpen = await getAlertsById(supertest, log, id); + const hits = alertsOpen.hits.hits + .map((alert) => (alert._source?.host as HostAlias).name) .sort(); expect(hits).to.eql(['host name 1', 'host name 2', 'host name 3', 'host name 4']); }); diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group6/config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts/configs/ess.config.ts similarity index 63% rename from x-pack/test/detection_engine_api_integration/security_and_spaces/group6/config.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts/configs/ess.config.ts index 2430b8f2148d9..2a8468856732f 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group6/config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts/configs/ess.config.ts @@ -7,12 +7,16 @@ import { FtrConfigProviderContext } from '@kbn/test'; -// eslint-disable-next-line import/no-default-export export default async function ({ readConfigFile }: FtrConfigProviderContext) { - const functionalConfig = await readConfigFile(require.resolve('../config.base.ts')); + const functionalConfig = await readConfigFile( + require.resolve('../../../../../config/ess/config.base.trial') + ); return { ...functionalConfig.getAll(), - testFiles: [require.resolve('.')], + testFiles: [require.resolve('..')], + junit: { + reportName: 'Detection Engine API Integration Tests - ESS - Alerts', + }, }; } diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts/configs/serverless.config.ts new file mode 100644 index 0000000000000..9c61a18b25abc --- /dev/null +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts/configs/serverless.config.ts @@ -0,0 +1,15 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { createTestConfig } from '../../../../../config/serverless/config.base'; + +export default createTestConfig({ + testFiles: [require.resolve('..')], + junit: { + reportName: 'Detection Engine API Integration Tests - Serverless - Alerts', + }, +}); diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/create_index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts/create_index.ts similarity index 89% rename from x-pack/test/detection_engine_api_integration/security_and_spaces/group1/create_index.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts/create_index.ts index 450f61a906747..2de9bf74cb90b 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/create_index.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts/create_index.ts @@ -13,17 +13,17 @@ import { import { SIGNALS_FIELD_ALIASES_VERSION } from '@kbn/security-solution-plugin/server/lib/detection_engine/routes/index/get_signals_template'; -import { FtrProviderContext } from '../../common/ftr_provider_context'; import { deleteAllAlerts } from '../../utils'; -// eslint-disable-next-line import/no-default-export +import { FtrProviderContext } from '../../../../ftr_provider_context'; + export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); const esArchiver = getService('esArchiver'); const es = getService('es'); const log = getService('log'); - describe('create_index', () => { + describe('@ess create_index', () => { afterEach(async () => { await deleteAllAlerts(supertest, log, es); }); @@ -39,7 +39,7 @@ export default ({ getService }: FtrProviderContext) => { }); // This fails and should be investigated or removed if it no longer applies - it.skip('should report that signals index does not exist', async () => { + it.skip('should report that alerts index does not exist', async () => { const { body } = await supertest.get(DETECTION_ENGINE_INDEX_URL).send().expect(404); expect(body).to.eql({ message: 'index for this space does not exist', status_code: 404 }); }); @@ -54,7 +54,7 @@ export default ({ getService }: FtrProviderContext) => { }); }); - describe('with an outdated signals index', () => { + describe('with an outdated alerts index', () => { beforeEach(async () => { await esArchiver.load('x-pack/test/functional/es_archives/endpoint/resolver/signals'); }); @@ -63,7 +63,7 @@ export default ({ getService }: FtrProviderContext) => { await esArchiver.unload('x-pack/test/functional/es_archives/endpoint/resolver/signals'); }); - it('should report that signals index is outdated', async () => { + it('should report that alerts index is outdated', async () => { const { body } = await supertest.get(DETECTION_ENGINE_INDEX_URL).send().expect(200); expect(body).to.eql({ index_mapping_outdated: true, diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts/index.ts new file mode 100644 index 0000000000000..7482e1bac558f --- /dev/null +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts/index.ts @@ -0,0 +1,18 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ +import { FtrProviderContext } from '../../../../ftr_provider_context'; + +export default function ({ loadTestFile }: FtrProviderContext) { + describe('Alerts API', function () { + loadTestFile(require.resolve('./aliases')); + loadTestFile(require.resolve('./create_index')); + loadTestFile(require.resolve('./alerts_compatibility')); + loadTestFile(require.resolve('./migrations')); + loadTestFile(require.resolve('./open_close_alerts')); + loadTestFile(require.resolve('./set_alert_tags')); + }); +} diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/create_signals_migrations.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts/migrations/create_alerts_migrations.ts similarity index 96% rename from x-pack/test/detection_engine_api_integration/security_and_spaces/group10/create_signals_migrations.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts/migrations/create_alerts_migrations.ts index b5219dccbee49..5336d8bd6375e 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/create_signals_migrations.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts/migrations/create_alerts_migrations.ts @@ -15,15 +15,19 @@ import { import { ROLES } from '@kbn/security-solution-plugin/common/test'; import { SIGNALS_TEMPLATE_VERSION } from '@kbn/security-solution-plugin/server/lib/detection_engine/routes/index/get_signals_template'; import { Signal } from '@kbn/security-solution-plugin/server/lib/detection_engine/rule_types/types'; -import { FtrProviderContext } from '../../common/ftr_provider_context'; + import { - createSignalsIndex, + createAlertsIndex, deleteMigrations, deleteAllAlerts, getIndexNameFromLoad, waitForIndexToPopulate, -} from '../../utils'; -import { createUserAndRole, deleteUserAndRole } from '../../../common/services/security_solution'; +} from '../../../utils'; +import { + createUserAndRole, + deleteUserAndRole, +} from '../../../../../../common/services/security_solution'; +import { FtrProviderContext } from '../../../../../ftr_provider_context'; interface CreateResponse { index: string; @@ -35,7 +39,6 @@ function sleep(ms: number) { return new Promise((resolve) => setTimeout(resolve, ms)); } -// eslint-disable-next-line import/no-default-export export default ({ getService }: FtrProviderContext): void => { const es = getService('es'); const esArchiver = getService('esArchiver'); @@ -58,7 +61,7 @@ export default ({ getService }: FtrProviderContext): void => { outdatedSignalsIndexName = getIndexNameFromLoad( await esArchiver.load('x-pack/test/functional/es_archives/signals/outdated_signals_index') ); - await createSignalsIndex(supertest, log); + await createAlertsIndex(supertest, log); }); afterEach(async () => { diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/delete_signals_migrations.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts/migrations/delete_alerts_migrations.ts similarity index 87% rename from x-pack/test/detection_engine_api_integration/security_and_spaces/group10/delete_signals_migrations.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts/migrations/delete_alerts_migrations.ts index f1534ed6d9ddf..61a4250fceca4 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/delete_signals_migrations.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts/migrations/delete_alerts_migrations.ts @@ -13,9 +13,8 @@ import { DETECTION_ENGINE_SIGNALS_MIGRATION_URL, } from '@kbn/security-solution-plugin/common/constants'; import { ROLES } from '@kbn/security-solution-plugin/common/test'; -import { FtrProviderContext } from '../../common/ftr_provider_context'; -import { createSignalsIndex, deleteAllAlerts, getIndexNameFromLoad, waitFor } from '../../utils'; -import { createUserAndRole } from '../../../common/services/security_solution'; +import { createAlertsIndex, deleteAllAlerts, getIndexNameFromLoad, waitFor } from '../../../utils'; +import { createUserAndRole } from '../../../../../../common/services/security_solution'; interface CreateResponse { index: string; @@ -27,8 +26,8 @@ interface FinalizeResponse extends CreateResponse { completed?: boolean; error?: unknown; } +import { FtrProviderContext } from '../../../../../ftr_provider_context'; -// eslint-disable-next-line import/no-default-export export default ({ getService }: FtrProviderContext): void => { const es = getService('es'); const esArchiver = getService('esArchiver'); @@ -36,17 +35,17 @@ export default ({ getService }: FtrProviderContext): void => { const supertestWithoutAuth = getService('supertestWithoutAuth'); const log = getService('log'); - describe('deleting signals migrations', () => { - let outdatedSignalsIndexName: string; + describe('@ess Deleting alerts migrations', () => { + let outdatedAlertsIndexName: string; let createdMigration: CreateResponse; let finalizedMigration: FinalizeResponse; beforeEach(async () => { - outdatedSignalsIndexName = getIndexNameFromLoad( + outdatedAlertsIndexName = getIndexNameFromLoad( await esArchiver.load('x-pack/test/functional/es_archives/signals/outdated_signals_index') ); - await createSignalsIndex(supertest, log); + await createAlertsIndex(supertest, log); ({ body: { @@ -55,7 +54,7 @@ export default ({ getService }: FtrProviderContext): void => { } = await supertest .post(DETECTION_ENGINE_SIGNALS_MIGRATION_URL) .set('kbn-xsrf', 'true') - .send({ index: [outdatedSignalsIndexName] }) + .send({ index: [outdatedAlertsIndexName] }) .expect(200)); await waitFor( @@ -91,7 +90,7 @@ export default ({ getService }: FtrProviderContext): void => { const deletedMigration = body.migrations[0]; expect(deletedMigration.id).to.eql(createdMigration.migration_id); - expect(deletedMigration.sourceIndex).to.eql(outdatedSignalsIndexName); + expect(deletedMigration.sourceIndex).to.eql(outdatedAlertsIndexName); }); it('marks the original index for deletion by applying our cleanup policy', async () => { diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/finalize_signals_migrations.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts/migrations/finalize_alerts_migrations.ts similarity index 90% rename from x-pack/test/detection_engine_api_integration/security_and_spaces/group10/finalize_signals_migrations.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts/migrations/finalize_alerts_migrations.ts index 17d6ab5a91b0e..8fa340ba3046f 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/finalize_signals_migrations.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts/migrations/finalize_alerts_migrations.ts @@ -13,15 +13,17 @@ import { DETECTION_ENGINE_SIGNALS_MIGRATION_URL, } from '@kbn/security-solution-plugin/common/constants'; import { ROLES } from '@kbn/security-solution-plugin/common/test'; -import { FtrProviderContext } from '../../common/ftr_provider_context'; import { - createSignalsIndex, + createAlertsIndex, deleteMigrations, deleteAllAlerts, getIndexNameFromLoad, waitFor, -} from '../../utils'; -import { createUserAndRole, deleteUserAndRole } from '../../../common/services/security_solution'; +} from '../../../utils'; +import { + createUserAndRole, + deleteUserAndRole, +} from '../../../../../../common/services/security_solution'; interface StatusResponse { index: string; @@ -39,8 +41,8 @@ interface FinalizeResponse { completed?: boolean; error?: unknown; } +import { FtrProviderContext } from '../../../../../ftr_provider_context'; -// eslint-disable-next-line import/no-default-export export default ({ getService }: FtrProviderContext): void => { const esArchiver = getService('esArchiver'); const kbnClient = getService('kibanaServer'); @@ -49,7 +51,7 @@ export default ({ getService }: FtrProviderContext): void => { const log = getService('log'); const es = getService('es'); - const getSignalsMigrationStatus = async (query: any) => { + const getAlertsMigrationStatus = async (query: any) => { const { body } = await supertest .get(DETECTION_ENGINE_SIGNALS_MIGRATION_STATUS_URL) .query(query) @@ -62,28 +64,28 @@ export default ({ getService }: FtrProviderContext): void => { return filteredIndices; }; - describe('Finalizing signals migrations', () => { - let legacySignalsIndexName: string; - let outdatedSignalsIndexName: string; + describe('@ess Finalizing Alerts migrations', () => { + let legacyAlertsIndexName: string; + let outdatedAlertsIndexName: string; let createdMigrations: CreateResponse[]; let createdMigration: CreateResponse; beforeEach(async () => { createdMigrations = []; - legacySignalsIndexName = getIndexNameFromLoad( + legacyAlertsIndexName = getIndexNameFromLoad( await esArchiver.load('x-pack/test/functional/es_archives/signals/legacy_signals_index') ); - outdatedSignalsIndexName = getIndexNameFromLoad( + outdatedAlertsIndexName = getIndexNameFromLoad( await esArchiver.load('x-pack/test/functional/es_archives/signals/outdated_signals_index') ); - await createSignalsIndex(supertest, log); + await createAlertsIndex(supertest, log); ({ body: { indices: createdMigrations }, } = await supertest .post(DETECTION_ENGINE_SIGNALS_MIGRATION_URL) .set('kbn-xsrf', 'true') - .send({ index: [legacySignalsIndexName] }) + .send({ index: [legacyAlertsIndexName] }) .expect(200)); [createdMigration] = createdMigrations; @@ -91,7 +93,7 @@ export default ({ getService }: FtrProviderContext): void => { afterEach(async () => { // Finalize the migration after each test so that the .siem-signals alias gets added to the migrated index - - // this allows deleteSignalsIndex to find and delete the migrated index + // this allows deleteAlertsIndex to find and delete the migrated index await supertest .post(DETECTION_ENGINE_SIGNALS_FINALIZE_MIGRATION_URL) .set('kbn-xsrf', 'true') @@ -107,7 +109,7 @@ export default ({ getService }: FtrProviderContext): void => { }); it('replaces the original index alias with the migrated one', async () => { - const statusResponses: StatusResponse[] = await getSignalsMigrationStatus({ + const statusResponses: StatusResponse[] = await getAlertsMigrationStatus({ from: '2020-10-10', }); const indicesBefore = statusResponses.map((index) => index.index); @@ -160,7 +162,7 @@ export default ({ getService }: FtrProviderContext): void => { const { body } = await supertest .post(DETECTION_ENGINE_SIGNALS_MIGRATION_URL) .set('kbn-xsrf', 'true') - .send({ index: [outdatedSignalsIndexName] }) + .send({ index: [outdatedAlertsIndexName] }) .expect(200); createdMigrations = [...createdMigrations, ...body.indices]; @@ -181,7 +183,7 @@ export default ({ getService }: FtrProviderContext): void => { log ); - const indices = await getSignalsMigrationStatus({ from: '2020-10-10' }); + const indices = await getAlertsMigrationStatus({ from: '2020-10-10' }); expect(indices.map((s: any) => s.index)).to.eql([ ...createdMigrations.map((c) => c.migration_index), ]); diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/get_signals_migration_status.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts/migrations/get_alerts_migration_status.ts similarity index 70% rename from x-pack/test/detection_engine_api_integration/security_and_spaces/group10/get_signals_migration_status.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts/migrations/get_alerts_migration_status.ts index 03e1b0c1e587b..ca04f2ba75c74 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/get_signals_migration_status.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts/migrations/get_alerts_migration_status.ts @@ -9,11 +9,14 @@ import expect from '@kbn/expect'; import { DETECTION_ENGINE_SIGNALS_MIGRATION_STATUS_URL } from '@kbn/security-solution-plugin/common/constants'; import { ROLES } from '@kbn/security-solution-plugin/common/test'; -import { FtrProviderContext } from '../../common/ftr_provider_context'; -import { createSignalsIndex, deleteAllAlerts, getIndexNameFromLoad } from '../../utils'; -import { createUserAndRole, deleteUserAndRole } from '../../../common/services/security_solution'; +import { createAlertsIndex, deleteAllAlerts, getIndexNameFromLoad } from '../../../utils'; +import { + createUserAndRole, + deleteUserAndRole, +} from '../../../../../../common/services/security_solution'; + +import { FtrProviderContext } from '../../../../../ftr_provider_context'; -// eslint-disable-next-line import/no-default-export export default ({ getService }: FtrProviderContext): void => { const esArchiver = getService('esArchiver'); const supertest = getService('supertest'); @@ -21,7 +24,7 @@ export default ({ getService }: FtrProviderContext): void => { const log = getService('log'); const es = getService('es'); - const getSignalsMigrationStatus = async (query: any) => { + const getAlertsMigrationStatus = async (query: any) => { const { body } = await supertest .get(DETECTION_ENGINE_SIGNALS_MIGRATION_STATUS_URL) .query(query) @@ -34,13 +37,13 @@ export default ({ getService }: FtrProviderContext): void => { return filteredIndices; }; - describe('Signals migration status', () => { - let legacySignalsIndexName: string; + describe('Alerts migration status', () => { + let legacyAlertsIndexName: string; beforeEach(async () => { - legacySignalsIndexName = getIndexNameFromLoad( + legacyAlertsIndexName = getIndexNameFromLoad( await esArchiver.load('x-pack/test/functional/es_archives/signals/legacy_signals_index') ); - await createSignalsIndex(supertest, log); + await createAlertsIndex(supertest, log); }); afterEach(async () => { @@ -48,26 +51,26 @@ export default ({ getService }: FtrProviderContext): void => { await deleteAllAlerts(supertest, log, es); }); - it('returns no indexes if no signals exist in the specified range', async () => { - const indices = await getSignalsMigrationStatus({ from: '2020-10-20' }); + it('returns no indexes if no alerts exist in the specified range', async () => { + const indices = await getAlertsMigrationStatus({ from: '2020-10-20' }); expect(indices).to.eql([]); }); - it('includes an index if its signals are within the specified range', async () => { - const indices = await getSignalsMigrationStatus({ from: '2020-10-10' }); + it('includes an index if its alerts are within the specified range', async () => { + const indices = await getAlertsMigrationStatus({ from: '2020-10-10' }); expect(indices).length(1); - expect(indices[0].index).to.eql(legacySignalsIndexName); + expect(indices[0].index).to.eql(legacyAlertsIndexName); }); - it("returns the mappings version and a breakdown of signals' version", async () => { + it("returns the mappings version and a breakdown of alerts' version", async () => { const outdatedIndexName = getIndexNameFromLoad( await esArchiver.load('x-pack/test/functional/es_archives/signals/outdated_signals_index') ); - const indices = await getSignalsMigrationStatus({ from: '2020-10-10' }); + const indices = await getAlertsMigrationStatus({ from: '2020-10-10' }); expect(indices).to.eql([ { - index: legacySignalsIndexName, + index: legacyAlertsIndexName, is_outdated: true, migrations: [], signal_versions: [ diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts/migrations/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts/migrations/index.ts new file mode 100644 index 0000000000000..115c8dbeab1f2 --- /dev/null +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts/migrations/index.ts @@ -0,0 +1,16 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ +import { FtrProviderContext } from '../../../../../ftr_provider_context'; + +export default function ({ loadTestFile }: FtrProviderContext) { + describe('Actions API', function () { + loadTestFile(require.resolve('./create_alerts_migrations')); + loadTestFile(require.resolve('./delete_alerts_migrations')); + loadTestFile(require.resolve('./finalize_alerts_migrations')); + loadTestFile(require.resolve('./finalize_alerts_migrations')); + }); +} diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/open_close_signals.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts/open_close_alerts.ts similarity index 56% rename from x-pack/test/detection_engine_api_integration/security_and_spaces/group10/open_close_signals.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts/open_close_alerts.ts index f66bec45e45a1..801791ccc660d 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/open_close_signals.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts/open_close_alerts.ts @@ -15,38 +15,46 @@ import { } from '@kbn/security-solution-plugin/common/constants'; import { ROLES } from '@kbn/security-solution-plugin/common/test'; import { DetectionAlert } from '@kbn/security-solution-plugin/common/api/detection_engine'; -import { FtrProviderContext } from '../../common/ftr_provider_context'; import { - createSignalsIndex, + createAlertsIndex, deleteAllAlerts, - setSignalStatus, + setAlertStatus, getAlertUpdateByQueryEmptyResponse, - getQuerySignalIds, + getQueryAlertIds, deleteAllRules, createRule, - waitForSignalsToBePresent, - getSignalsByIds, + waitForAlertsToBePresent, + getAlertsByIds, waitForRuleSuccess, - getRuleForSignalTesting, + getRuleForAlertTesting, } from '../../utils'; -import { createUserAndRole, deleteUserAndRole } from '../../../common/services/security_solution'; +import { + createUserAndRole, + deleteUserAndRole, +} from '../../../../../common/services/security_solution'; +import { FtrProviderContext } from '../../../../ftr_provider_context'; +import { EsArchivePathBuilder } from '../../../../es_archive_path_builder'; -// eslint-disable-next-line import/no-default-export export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); const esArchiver = getService('esArchiver'); const supertestWithoutAuth = getService('supertestWithoutAuth'); const log = getService('log'); const es = getService('es'); + // TODO: add a new service + const config = getService('config'); + const isServerless = config.get('serverless'); + const dataPathBuilder = new EsArchivePathBuilder(isServerless); + const path = dataPathBuilder.getPath('auditbeat/hosts'); - describe('open_close_signals', () => { + describe('@ess @serverless open_close_alerts', () => { describe('validation checks', () => { describe('update by ids', () => { - it('should not give errors when querying and the signals index does not exist yet', async () => { + it('should not give errors when querying and the alerts index does not exist yet', async () => { const { body } = await supertest .post(DETECTION_ENGINE_SIGNALS_STATUS_URL) .set('kbn-xsrf', 'true') - .send(setSignalStatus({ signalIds: ['123'], status: 'open' })) + .send(setAlertStatus({ alertIds: ['123'], status: 'open' })) .expect(200); // remove any server generated items that are nondeterministic @@ -55,12 +63,12 @@ export default ({ getService }: FtrProviderContext) => { expect(body).to.eql(getAlertUpdateByQueryEmptyResponse()); }); - it('should not give errors when querying and the signals index does exist and is empty', async () => { - await createSignalsIndex(supertest, log); + it('should not give errors when querying and the alerts index does exist and is empty', async () => { + await createAlertsIndex(supertest, log); const { body } = await supertest .post(DETECTION_ENGINE_SIGNALS_STATUS_URL) .set('kbn-xsrf', 'true') - .send(setSignalStatus({ signalIds: ['123'], status: 'open' })) + .send(setAlertStatus({ alertIds: ['123'], status: 'open' })) .expect(200); // remove any server generated items that are nondeterministic @@ -73,11 +81,11 @@ export default ({ getService }: FtrProviderContext) => { }); describe('update by query', () => { - it('should not give errors when querying and the signals index does not exist yet', async () => { + it('should not give errors when querying and the alerts index does not exist yet', async () => { const { body } = await supertest .post(DETECTION_ENGINE_SIGNALS_STATUS_URL) .set('kbn-xsrf', 'true') - .send(setSignalStatus({ query: { match_all: {} }, status: 'open' })) + .send(setAlertStatus({ query: { match_all: {} }, status: 'open' })) .expect(200); // remove any server generated items that are indeterministic @@ -86,12 +94,12 @@ export default ({ getService }: FtrProviderContext) => { expect(body).to.eql(getAlertUpdateByQueryEmptyResponse()); }); - it('should not give errors when querying and the signals index does exist and is empty', async () => { - await createSignalsIndex(supertest, log); + it('should not give errors when querying and the alerts index does exist and is empty', async () => { + await createAlertsIndex(supertest, log); const { body } = await supertest .post(DETECTION_ENGINE_SIGNALS_STATUS_URL) .set('kbn-xsrf', 'true') - .send(setSignalStatus({ query: { match_all: {} }, status: 'open' })) + .send(setAlertStatus({ query: { match_all: {} }, status: 'open' })) .expect(200); // remove any server generated items that are indeterministic @@ -105,16 +113,16 @@ export default ({ getService }: FtrProviderContext) => { describe('tests with auditbeat data', () => { before(async () => { - await esArchiver.load('x-pack/test/functional/es_archives/auditbeat/hosts'); + await esArchiver.load(path); }); after(async () => { - await esArchiver.unload('x-pack/test/functional/es_archives/auditbeat/hosts'); + await esArchiver.unload(path); }); beforeEach(async () => { await deleteAllRules(supertest, log); - await createSignalsIndex(supertest, log); + await createAlertsIndex(supertest, log); }); afterEach(async () => { @@ -122,163 +130,160 @@ export default ({ getService }: FtrProviderContext) => { await deleteAllRules(supertest, log); }); - it('should be able to execute and get 10 signals', async () => { + it('should be able to execute and get 10 alerts', async () => { const rule = { - ...getRuleForSignalTesting(['auditbeat-*']), + ...getRuleForAlertTesting(['auditbeat-*']), query: 'process.executable: "/usr/bin/sudo"', }; const { id } = await createRule(supertest, log, rule); await waitForRuleSuccess({ supertest, log, id }); - await waitForSignalsToBePresent(supertest, log, 10, [id]); - const signalsOpen = await getSignalsByIds(supertest, log, [id]); - expect(signalsOpen.hits.hits.length).equal(10); + await waitForAlertsToBePresent(supertest, log, 10, [id]); + const alertsOpen = await getAlertsByIds(supertest, log, [id]); + expect(alertsOpen.hits.hits.length).equal(10); }); - it('should be have set the signals in an open state initially', async () => { + it('should be have set the alerts in an open state initially', async () => { const rule = { - ...getRuleForSignalTesting(['auditbeat-*']), + ...getRuleForAlertTesting(['auditbeat-*']), query: 'process.executable: "/usr/bin/sudo"', }; const { id } = await createRule(supertest, log, rule); await waitForRuleSuccess({ supertest, log, id }); - await waitForSignalsToBePresent(supertest, log, 10, [id]); - const signalsOpen = await getSignalsByIds(supertest, log, [id]); - const everySignalOpen = signalsOpen.hits.hits.every( + await waitForAlertsToBePresent(supertest, log, 10, [id]); + const alertsOpen = await getAlertsByIds(supertest, log, [id]); + const everyAlertOpen = alertsOpen.hits.hits.every( (hit) => hit._source?.[ALERT_WORKFLOW_STATUS] === 'open' ); - expect(everySignalOpen).to.eql(true); + expect(everyAlertOpen).to.eql(true); }); - it('should be able to get a count of 10 closed signals when closing 10', async () => { + it('should be able to get a count of 10 closed alerts when closing 10', async () => { const rule = { - ...getRuleForSignalTesting(['auditbeat-*']), + ...getRuleForAlertTesting(['auditbeat-*']), query: 'process.executable: "/usr/bin/sudo"', }; const { id } = await createRule(supertest, log, rule); await waitForRuleSuccess({ supertest, log, id }); - await waitForSignalsToBePresent(supertest, log, 10, [id]); - const signalsOpen = await getSignalsByIds(supertest, log, [id]); - const signalIds = signalsOpen.hits.hits.map((signal) => signal._id); + await waitForAlertsToBePresent(supertest, log, 10, [id]); + const alertsOpen = await getAlertsByIds(supertest, log, [id]); + const alertIds = alertsOpen.hits.hits.map((alert) => alert._id); - // set all of the signals to the state of closed. There is no reason to use a waitUntil here + // set all of the alerts to the state of closed. There is no reason to use a waitUntil here // as this route intentionally has a waitFor within it and should only return when the query has // the data. await supertest .post(DETECTION_ENGINE_SIGNALS_STATUS_URL) .set('kbn-xsrf', 'true') - .send(setSignalStatus({ signalIds, status: 'closed' })) + .send(setAlertStatus({ alertIds, status: 'closed' })) .expect(200); - const { body: signalsClosed }: { body: estypes.SearchResponse } = + const { body: alertsClosed }: { body: estypes.SearchResponse } = await supertest .post(DETECTION_ENGINE_QUERY_SIGNALS_URL) .set('kbn-xsrf', 'true') - .send(getQuerySignalIds(signalIds)) + .send(getQueryAlertIds(alertIds)) .expect(200); - expect(signalsClosed.hits.hits.length).to.equal(10); + expect(alertsClosed.hits.hits.length).to.equal(10); }); - // Test is failing after changing refresh to false - it.skip('should be able close signals immediately and they all should be closed', async () => { + it('should be able close alerts immediately and they all should be closed', async () => { const rule = { - ...getRuleForSignalTesting(['auditbeat-*']), + ...getRuleForAlertTesting(['auditbeat-*']), query: 'process.executable: "/usr/bin/sudo"', }; const { id } = await createRule(supertest, log, rule); await waitForRuleSuccess({ supertest, log, id }); - await waitForSignalsToBePresent(supertest, log, 1, [id]); - const signalsOpen = await getSignalsByIds(supertest, log, [id]); - const signalIds = signalsOpen.hits.hits.map((signal) => signal._id); + await waitForAlertsToBePresent(supertest, log, 1, [id]); + const alertsOpen = await getAlertsByIds(supertest, log, [id]); + const alertIds = alertsOpen.hits.hits.map((alert) => alert._id); - // set all of the signals to the state of closed. There is no reason to use a waitUntil here + // set all of the alerts to the state of closed. There is no reason to use a waitUntil here // as this route intentionally has a waitFor within it and should only return when the query has // the data. await supertest .post(DETECTION_ENGINE_SIGNALS_STATUS_URL) .set('kbn-xsrf', 'true') - .send(setSignalStatus({ signalIds, status: 'closed' })) + .send(setAlertStatus({ alertIds, status: 'closed' })) .expect(200); - const { body: signalsClosed }: { body: estypes.SearchResponse } = + const { body: alertsClosed }: { body: estypes.SearchResponse } = await supertest .post(DETECTION_ENGINE_QUERY_SIGNALS_URL) .set('kbn-xsrf', 'true') - .send(getQuerySignalIds(signalIds)) + .send(getQueryAlertIds(alertIds)) .expect(200); - const everySignalClosed = signalsClosed.hits.hits.every( + const everyAlertClosed = alertsClosed.hits.hits.every( (hit) => hit._source?.['kibana.alert.workflow_status'] === 'closed' ); - expect(everySignalClosed).to.eql(true); + expect(everyAlertClosed).to.eql(true); }); - // This fails and should be investigated or removed if it no longer applies - it.skip('should be able to close signals with t1 analyst user', async () => { - const rule = getRuleForSignalTesting(['auditbeat-*']); + it.skip('should be able to close alerts with t1 analyst user', async () => { + const rule = getRuleForAlertTesting(['auditbeat-*']); const { id } = await createRule(supertest, log, rule); await waitForRuleSuccess({ supertest, log, id }); - await waitForSignalsToBePresent(supertest, log, 1, [id]); + await waitForAlertsToBePresent(supertest, log, 1, [id]); await createUserAndRole(getService, ROLES.t1_analyst); - const signalsOpen = await getSignalsByIds(supertest, log, [id]); - const signalIds = signalsOpen.hits.hits.map((signal) => signal._id); + const alertsOpen = await getAlertsByIds(supertest, log, [id]); + const alertIds = alertsOpen.hits.hits.map((alert) => alert._id); - // Try to set all of the signals to the state of closed. + // Try to set all of the alerts to the state of closed. // This should not be possible with the given user. await supertestWithoutAuth .post(DETECTION_ENGINE_SIGNALS_STATUS_URL) .set('kbn-xsrf', 'true') .auth(ROLES.t1_analyst, 'changeme') - .send(setSignalStatus({ signalIds, status: 'closed' })) + .send(setAlertStatus({ alertIds, status: 'closed' })) .expect(200); - // query for the signals with the superuser - // to allow a check that the signals were NOT closed with t1 analyst - const { body: signalsClosed }: { body: estypes.SearchResponse } = + // query for the alerts with the superuser + // to allow a check that the alerts were NOT closed with t1 analyst + const { body: alertsClosed }: { body: estypes.SearchResponse } = await supertest .post(DETECTION_ENGINE_QUERY_SIGNALS_URL) .set('kbn-xsrf', 'true') - .send(getQuerySignalIds(signalIds)) + .send(getQueryAlertIds(alertIds)) .expect(200); - const everySignalClosed = signalsClosed.hits.hits.every( + const everyAlertClosed = alertsClosed.hits.hits.every( (hit) => hit._source?.['kibana.alert.workflow_status'] === 'closed' ); - expect(everySignalClosed).to.eql(true); + expect(everyAlertClosed).to.eql(true); await deleteUserAndRole(getService, ROLES.t1_analyst); }); - // This fails and should be investigated or removed if it no longer applies - it.skip('should be able to close signals with soc_manager user', async () => { - const rule = getRuleForSignalTesting(['auditbeat-*']); + it.skip('should be able to close alerts with soc_manager user', async () => { + const rule = getRuleForAlertTesting(['auditbeat-*']); const { id } = await createRule(supertest, log, rule); await waitForRuleSuccess({ supertest, log, id }); - await waitForSignalsToBePresent(supertest, log, 1, [id]); + await waitForAlertsToBePresent(supertest, log, 1, [id]); const userAndRole = ROLES.soc_manager; await createUserAndRole(getService, userAndRole); - const signalsOpen = await getSignalsByIds(supertest, log, [id]); - const signalIds = signalsOpen.hits.hits.map((signal) => signal._id); + const alertsOpen = await getAlertsByIds(supertest, log, [id]); + const alertIds = alertsOpen.hits.hits.map((alert) => alert._id); - // Try to set all of the signals to the state of closed. + // Try to set all of the alerts to the state of closed. // This should not be possible with the given user. await supertestWithoutAuth .post(DETECTION_ENGINE_SIGNALS_STATUS_URL) .set('kbn-xsrf', 'true') .auth(userAndRole, 'changeme') // each user has the same password - .send(setSignalStatus({ signalIds, status: 'closed' })) + .send(setAlertStatus({ alertIds, status: 'closed' })) .expect(200); - const { body: signalsClosed }: { body: estypes.SearchResponse } = + const { body: alertsClosed }: { body: estypes.SearchResponse } = await supertest .post(DETECTION_ENGINE_QUERY_SIGNALS_URL) .set('kbn-xsrf', 'true') - .send(getQuerySignalIds(signalIds)) + .send(getQueryAlertIds(alertIds)) .expect(200); - const everySignalClosed = signalsClosed.hits.hits.every( + const everyAlertClosed = alertsClosed.hits.hits.every( (hit) => hit._source?.['kibana.alert.workflow_status'] === 'closed' ); - expect(everySignalClosed).to.eql(true); + expect(everyAlertClosed).to.eql(true); await deleteUserAndRole(getService, userAndRole); }); diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/set_alert_tags.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts/set_alert_tags.ts similarity index 80% rename from x-pack/test/detection_engine_api_integration/security_and_spaces/group10/set_alert_tags.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts/set_alert_tags.ts index 6f64bd313be45..15920ab3993b0 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/set_alert_tags.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts/set_alert_tags.ts @@ -13,28 +13,34 @@ import { DETECTION_ENGINE_ALERT_TAGS_URL, } from '@kbn/security-solution-plugin/common/constants'; import { DetectionAlert } from '@kbn/security-solution-plugin/common/api/detection_engine'; -import { FtrProviderContext } from '../../common/ftr_provider_context'; + import { - createSignalsIndex, + createAlertsIndex, deleteAllAlerts, - getQuerySignalIds, + getQueryAlertIds, deleteAllRules, createRule, - waitForSignalsToBePresent, - getSignalsByIds, + waitForAlertsToBePresent, + getAlertsByIds, waitForRuleSuccess, - getRuleForSignalTesting, + getRuleForAlertTesting, + setAlertTags, } from '../../utils'; -import { setAlertTags } from '../../utils/set_alert_tags'; +import { FtrProviderContext } from '../../../../ftr_provider_context'; +import { EsArchivePathBuilder } from '../../../../es_archive_path_builder'; -// eslint-disable-next-line import/no-default-export export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); const esArchiver = getService('esArchiver'); const log = getService('log'); const es = getService('es'); + // TODO: add a new service + const config = getService('config'); + const isServerless = config.get('serverless'); + const dataPathBuilder = new EsArchivePathBuilder(isServerless); + const path = dataPathBuilder.getPath('auditbeat/hosts'); - describe('set_alert_tags', () => { + describe('@ess @serverless set_alert_tags', () => { describe('validation checks', () => { it('should give errors when no alert ids are provided', async () => { const { body } = await supertest @@ -65,19 +71,18 @@ export default ({ getService }: FtrProviderContext) => { }); }); - // Test is failing after changing refresh to false - describe.skip('tests with auditbeat data', () => { + describe('tests with auditbeat data', () => { before(async () => { - await esArchiver.load('x-pack/test/functional/es_archives/auditbeat/hosts'); + await esArchiver.load(path); }); after(async () => { - await esArchiver.unload('x-pack/test/functional/es_archives/auditbeat/hosts'); + await esArchiver.unload(path); }); beforeEach(async () => { await deleteAllRules(supertest, log); - await createSignalsIndex(supertest, log); + await createAlertsIndex(supertest, log); }); afterEach(async () => { @@ -86,13 +91,13 @@ export default ({ getService }: FtrProviderContext) => { it('should be able to add tags to multiple alerts', async () => { const rule = { - ...getRuleForSignalTesting(['auditbeat-*']), + ...getRuleForAlertTesting(['auditbeat-*']), query: 'process.executable: "/usr/bin/sudo"', }; const { id } = await createRule(supertest, log, rule); await waitForRuleSuccess({ supertest, log, id }); - await waitForSignalsToBePresent(supertest, log, 10, [id]); - const alerts = await getSignalsByIds(supertest, log, [id]); + await waitForAlertsToBePresent(supertest, log, 10, [id]); + const alerts = await getAlertsByIds(supertest, log, [id]); const alertIds = alerts.hits.hits.map((alert) => alert._id); await supertest @@ -110,7 +115,7 @@ export default ({ getService }: FtrProviderContext) => { const { body }: { body: estypes.SearchResponse } = await supertest .post(DETECTION_ENGINE_QUERY_SIGNALS_URL) .set('kbn-xsrf', 'true') - .send(getQuerySignalIds(alertIds)) + .send(getQueryAlertIds(alertIds)) .expect(200); body.hits.hits.map((alert) => { @@ -120,13 +125,13 @@ export default ({ getService }: FtrProviderContext) => { it('should be able to add tags to alerts that have tags already and not duplicate them', async () => { const rule = { - ...getRuleForSignalTesting(['auditbeat-*']), + ...getRuleForAlertTesting(['auditbeat-*']), query: 'process.executable: "/usr/bin/sudo"', }; const { id } = await createRule(supertest, log, rule); await waitForRuleSuccess({ supertest, log, id }); - await waitForSignalsToBePresent(supertest, log, 10, [id]); - const alerts = await getSignalsByIds(supertest, log, [id]); + await waitForAlertsToBePresent(supertest, log, 10, [id]); + const alerts = await getAlertsByIds(supertest, log, [id]); const alertIds = alerts.hits.hits.map((alert) => alert._id); await supertest @@ -156,7 +161,7 @@ export default ({ getService }: FtrProviderContext) => { const { body }: { body: estypes.SearchResponse } = await supertest .post(DETECTION_ENGINE_QUERY_SIGNALS_URL) .set('kbn-xsrf', 'true') - .send(getQuerySignalIds(alertIds)) + .send(getQueryAlertIds(alertIds)) .expect(200); body.hits.hits.map((alert) => { @@ -166,13 +171,13 @@ export default ({ getService }: FtrProviderContext) => { it('should be able to remove tags', async () => { const rule = { - ...getRuleForSignalTesting(['auditbeat-*']), + ...getRuleForAlertTesting(['auditbeat-*']), query: 'process.executable: "/usr/bin/sudo"', }; const { id } = await createRule(supertest, log, rule); await waitForRuleSuccess({ supertest, log, id }); - await waitForSignalsToBePresent(supertest, log, 10, [id]); - const alerts = await getSignalsByIds(supertest, log, [id]); + await waitForAlertsToBePresent(supertest, log, 10, [id]); + const alerts = await getAlertsByIds(supertest, log, [id]); const alertIds = alerts.hits.hits.map((alert) => alert._id); await supertest @@ -202,7 +207,7 @@ export default ({ getService }: FtrProviderContext) => { const { body }: { body: estypes.SearchResponse } = await supertest .post(DETECTION_ENGINE_QUERY_SIGNALS_URL) .set('kbn-xsrf', 'true') - .send(getQuerySignalIds(alertIds)) + .send(getQueryAlertIds(alertIds)) .expect(200); body.hits.hits.map((alert) => { @@ -212,13 +217,13 @@ export default ({ getService }: FtrProviderContext) => { it('should be able to remove tags that do not exist without breaking', async () => { const rule = { - ...getRuleForSignalTesting(['auditbeat-*']), + ...getRuleForAlertTesting(['auditbeat-*']), query: 'process.executable: "/usr/bin/sudo"', }; const { id } = await createRule(supertest, log, rule); await waitForRuleSuccess({ supertest, log, id }); - await waitForSignalsToBePresent(supertest, log, 10, [id]); - const alerts = await getSignalsByIds(supertest, log, [id]); + await waitForAlertsToBePresent(supertest, log, 10, [id]); + const alerts = await getAlertsByIds(supertest, log, [id]); const alertIds = alerts.hits.hits.map((alert) => alert._id); await supertest @@ -236,7 +241,7 @@ export default ({ getService }: FtrProviderContext) => { const { body }: { body: estypes.SearchResponse } = await supertest .post(DETECTION_ENGINE_QUERY_SIGNALS_URL) .set('kbn-xsrf', 'true') - .send(getQuerySignalIds(alertIds)) + .send(getQueryAlertIds(alertIds)) .expect(200); body.hits.hits.map((alert) => { diff --git a/x-pack/test/detection_engine_api_integration/utils/get_signal_status_empty_response.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/alerts/get_alert_status_empty_response.ts similarity index 100% rename from x-pack/test/detection_engine_api_integration/utils/get_signal_status_empty_response.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/alerts/get_alert_status_empty_response.ts diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/alerts/get_query_alert_ids.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/alerts/get_query_alert_ids.ts new file mode 100644 index 0000000000000..1e5eafa119e8e --- /dev/null +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/alerts/get_query_alert_ids.ts @@ -0,0 +1,16 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { SignalIds as AlertIds } from '@kbn/security-solution-plugin/common/api/detection_engine'; + +export const getQueryAlertIds = (alertIds: AlertIds) => ({ + query: { + terms: { + _id: alertIds, + }, + }, +}); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/alerts/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/alerts/index.ts index 0671df4d65c36..ce29837b34f6e 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/alerts/index.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/alerts/index.ts @@ -5,7 +5,6 @@ * 2.0. */ -// TODO rename signal to alert export * from './create_alerts_index'; export * from './delete_all_alerts'; export * from './wait_for_alert_to_complete'; @@ -15,3 +14,9 @@ export * from './get_open_alerts'; export * from './get_alerts_by_ids'; export * from './get_query_alerts_ids'; export * from './get_alerts_by_id'; +export * from './remove_random_valued_properties'; +export * from './set_alert_status'; +export * from './get_alert_status_empty_response'; +export * from './get_query_alert_ids'; +export * from './set_alert_tags'; +export * from './migrations'; diff --git a/x-pack/test/detection_engine_api_integration/utils/delete_migrations.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/alerts/migrations/delete_migrations.ts similarity index 100% rename from x-pack/test/detection_engine_api_integration/utils/delete_migrations.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/alerts/migrations/delete_migrations.ts diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/alerts/migrations/finalize_alerts_migration.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/alerts/migrations/finalize_alerts_migration.ts new file mode 100644 index 0000000000000..02a7475f54aac --- /dev/null +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/alerts/migrations/finalize_alerts_migration.ts @@ -0,0 +1,44 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { ToolingLog } from '@kbn/tooling-log'; +import type SuperTest from 'supertest'; + +import { DETECTION_ENGINE_SIGNALS_FINALIZE_MIGRATION_URL } from '@kbn/security-solution-plugin/common/constants'; + +interface FinalizeMigrationResponse { + id: string; + completed?: boolean; + error?: unknown; +} + +export const finalizeAlertsMigration = async ({ + migrationIds, + supertest, + log, +}: { + supertest: SuperTest.SuperTest; + log: ToolingLog; + migrationIds: string[]; +}): Promise => { + const response = await supertest + .post(DETECTION_ENGINE_SIGNALS_FINALIZE_MIGRATION_URL) + .set('kbn-xsrf', 'true') + .send({ migration_ids: migrationIds }); + + const { + body: { migrations }, + }: { body: { migrations: FinalizeMigrationResponse[] } } = response; + if (response.status !== 200) { + log.error( + `Did not get an expected 200 "ok" when finalizing alerts migration (finalizeAlertsMigration). CI issues could happen. Suspect this line if you are seeing CI issues. body: ${JSON.stringify( + response.body + )}, status: ${JSON.stringify(response.status)}` + ); + } + return migrations; +}; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/alerts/migrations/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/alerts/migrations/index.ts new file mode 100644 index 0000000000000..f88761c896055 --- /dev/null +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/alerts/migrations/index.ts @@ -0,0 +1,9 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ +export * from './finalize_alerts_migration'; +export * from './start_alerts_migration'; +export * from './delete_migrations'; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/alerts/migrations/start_alerts_migration.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/alerts/migrations/start_alerts_migration.ts new file mode 100644 index 0000000000000..5d472221154c1 --- /dev/null +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/alerts/migrations/start_alerts_migration.ts @@ -0,0 +1,44 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { ToolingLog } from '@kbn/tooling-log'; +import type SuperTest from 'supertest'; + +import { DETECTION_ENGINE_SIGNALS_MIGRATION_URL } from '@kbn/security-solution-plugin/common/constants'; + +interface CreateMigrationResponse { + index: string; + migration_index: string; + migration_id: string; +} + +export const startAlertsMigration = async ({ + indices, + supertest, + log, +}: { + supertest: SuperTest.SuperTest; + log: ToolingLog; + indices: string[]; +}): Promise => { + const response = await supertest + .post(DETECTION_ENGINE_SIGNALS_MIGRATION_URL) + .set('kbn-xsrf', 'true') + .send({ index: indices }); + + const { + body: { indices: created }, + }: { body: { indices: CreateMigrationResponse[] } } = response; + if (response.status !== 200) { + log.error( + `Did not get an expected 200 "ok" when starting a alerts migration (startAlertsMigration). CI issues could happen. Suspect this line if you are seeing CI issues. body: ${JSON.stringify( + response.body + )}, status: ${JSON.stringify(response.status)}` + ); + } + return created; +}; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/alerts/remove_random_valued_properties.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/alerts/remove_random_valued_properties.ts new file mode 100644 index 0000000000000..8530c085e1a5d --- /dev/null +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/alerts/remove_random_valued_properties.ts @@ -0,0 +1,28 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { DetectionAlert } from '@kbn/security-solution-plugin/common/api/detection_engine'; +import { ALERT_LAST_DETECTED, ALERT_START } from '@kbn/rule-data-utils'; + +export const removeRandomValuedProperties = (alert: DetectionAlert | undefined) => { + if (!alert) { + return undefined; + } + const { + 'kibana.version': version, + 'kibana.alert.rule.execution.uuid': execUuid, + 'kibana.alert.rule.uuid': uuid, + '@timestamp': timestamp, + 'kibana.alert.rule.created_at': createdAt, + 'kibana.alert.rule.updated_at': updatedAt, + 'kibana.alert.uuid': alertUuid, + [ALERT_START]: alertStart, + [ALERT_LAST_DETECTED]: lastDetected, + ...restOfAlert + } = alert; + return restOfAlert; +}; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/alerts/set_alert_status.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/alerts/set_alert_status.ts new file mode 100644 index 0000000000000..ebeaef976b41b --- /dev/null +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/alerts/set_alert_status.ts @@ -0,0 +1,25 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { + Status, + SignalIds as AlertIds, +} from '@kbn/security-solution-plugin/common/api/detection_engine'; + +export const setAlertStatus = ({ + alertIds, + query, + status, +}: { + alertIds?: AlertIds; + query?: object; + status: Status; +}) => ({ + signal_ids: alertIds, + query, + status, +}); diff --git a/x-pack/test/detection_engine_api_integration/utils/set_alert_tags.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/alerts/set_alert_tags.ts similarity index 100% rename from x-pack/test/detection_engine_api_integration/utils/set_alert_tags.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/alerts/set_alert_tags.ts diff --git a/x-pack/test/detection_engine_api_integration/utils/get_index_name_from_load.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/get_index_name_from_load.ts similarity index 100% rename from x-pack/test/detection_engine_api_integration/utils/get_index_name_from_load.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/get_index_name_from_load.ts diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/index.ts index 3289ea7d8f7ab..56d166c501b6b 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/index.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/index.ts @@ -8,11 +8,14 @@ export * from './rules'; export * from './exception_list_and_item'; export * from './alerts'; export * from './actions'; -export * from './get_rule_so_by_id'; -export * from './create_rule_saved_object'; -export * from './get_rule_with_legacy_investigation_fields'; +export * from './rules/get_rule_so_by_id'; +export * from './rules/create_rule_saved_object'; +export * from './rules/get_rule_with_legacy_investigation_fields'; +export * from './get_index_name_from_load'; export * from './count_down_test'; export * from './count_down_es'; export * from './update_username'; export * from './refresh_index'; +export * from './wait_for'; +export * from './wait_for_index_to_populate'; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/create_rule_saved_object.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/create_rule_saved_object.ts similarity index 100% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/create_rule_saved_object.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/create_rule_saved_object.ts diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/get_rule_so_by_id.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/get_rule_so_by_id.ts similarity index 100% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/get_rule_so_by_id.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/get_rule_so_by_id.ts diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/get_rule_with_legacy_investigation_fields.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/get_rule_with_legacy_investigation_fields.ts similarity index 100% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/get_rule_with_legacy_investigation_fields.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/get_rule_with_legacy_investigation_fields.ts diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/get_saved_query_rule_for_alert_testing.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/get_saved_query_rule_for_alert_testing.ts new file mode 100644 index 0000000000000..01feea137efb6 --- /dev/null +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/get_saved_query_rule_for_alert_testing.ts @@ -0,0 +1,26 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { SavedQueryRuleCreateProps } from '@kbn/security-solution-plugin/common/api/detection_engine'; +import { getRuleForAlertTesting } from './get_rule_for_alert_testing'; + +/** + * This is a typical alert testing rule that is easy for most basic testing of output of Saved Query alerts. + * It starts out in an enabled true state. The 'from' is set very far back to test the basics of alert + * creation for SavedQuery and testing by getting all the alerts at once. + * @param ruleId The optional ruleId which is threshold-rule by default. + * @param enabled Enables the rule on creation or not. Defaulted to true. + */ +export const getSavedQueryRuleForAlertTesting = ( + index: string[], + ruleId = 'saved-query-rule', + enabled = true +): SavedQueryRuleCreateProps => ({ + ...getRuleForAlertTesting(index, ruleId, enabled), + type: 'saved_query', + saved_id: 'abcd', +}); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/get_threat_match_rule_for_alert_testing.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/get_threat_match_rule_for_alert_testing.ts new file mode 100644 index 0000000000000..b0435ccaaaba0 --- /dev/null +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/get_threat_match_rule_for_alert_testing.ts @@ -0,0 +1,41 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { ThreatMatchRuleCreateProps } from '@kbn/security-solution-plugin/common/api/detection_engine'; +import { getRuleForAlertTesting } from './get_rule_for_alert_testing'; + +/** + * This is a typical alert testing rule that is easy for most basic testing of output of Threat Match alerts. + * It starts out in an enabled true state. The 'from' is set very far back to test the basics of alert + * creation for Threat Match and testing by getting all the alerts at once. + * @param ruleId The optional ruleId which is threshold-rule by default. + * @param enabled Enables the rule on creation or not. Defaulted to true. + */ +export const getThreatMatchRuleForAlertTesting = ( + index: string[], + ruleId = 'threat-match-rule', + enabled = true +): ThreatMatchRuleCreateProps => ({ + ...getRuleForAlertTesting(index, ruleId, enabled), + type: 'threat_match', + language: 'kuery', + query: '*:*', + threat_query: '*:*', + threat_mapping: [ + // We match host.name against host.name + { + entries: [ + { + field: 'host.name', + value: 'host.name', + type: 'mapping', + }, + ], + }, + ], + threat_index: index, // match against same index for simplicity +}); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/index.ts index 26862dc62d038..c1810ca6d6560 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/index.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/index.ts @@ -32,5 +32,10 @@ export * from './get_rule_with_web_hook_action'; export * from './get_simple_rule_output_with_web_hook_action'; export * from './rule_to_update_schema'; export * from './update_rule'; +export * from './get_threat_match_rule_for_alert_testing'; +export * from './get_saved_query_rule_for_alert_testing'; +export * from './get_rule_so_by_id'; +export * from './create_rule_saved_object'; +export * from './get_rule_with_legacy_investigation_fields'; export * from './prebuilt_rules'; diff --git a/x-pack/test/detection_engine_api_integration/utils/wait_for_index_to_populate.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/wait_for_index_to_populate.ts similarity index 90% rename from x-pack/test/detection_engine_api_integration/utils/wait_for_index_to_populate.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/wait_for_index_to_populate.ts index ceba42efd1793..74e3e8a253769 100644 --- a/x-pack/test/detection_engine_api_integration/utils/wait_for_index_to_populate.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/wait_for_index_to_populate.ts @@ -7,7 +7,7 @@ import type { ToolingLog } from '@kbn/tooling-log'; import type { Client } from '@elastic/elasticsearch'; -import { waitFor } from './wait_for'; +import { waitFor } from '../../../../detection_engine_api_integration/utils/wait_for'; /** * Waits for the given index to contain documents diff --git a/x-pack/test/security_solution_api_integration/tsconfig.json b/x-pack/test/security_solution_api_integration/tsconfig.json index 7690200b3b2f3..b2e2715a52ccd 100644 --- a/x-pack/test/security_solution_api_integration/tsconfig.json +++ b/x-pack/test/security_solution_api_integration/tsconfig.json @@ -29,6 +29,7 @@ "@kbn/securitysolution-list-constants", "@kbn/core-saved-objects-server", "@kbn/core", - "@kbn/alerting-plugin" + "@kbn/alerting-plugin", + "@kbn/securitysolution-ecs" ] } diff --git a/x-pack/test/tsconfig.json b/x-pack/test/tsconfig.json index 8c7a2758f8e29..61c42a76f3d9d 100644 --- a/x-pack/test/tsconfig.json +++ b/x-pack/test/tsconfig.json @@ -106,7 +106,6 @@ "@kbn/journeys", "@kbn/stdio-dev-helpers", "@kbn/alerting-api-integration-helpers", - "@kbn/securitysolution-ecs", "@kbn/cloud-security-posture-plugin", "@kbn/cloud-integration-saml-provider-plugin", "@kbn/security-api-integration-helpers",