From d12b92b63e78bbf208d99d173c43c408f0d27d13 Mon Sep 17 00:00:00 2001 From: Maxim Palenov Date: Fri, 30 May 2025 12:23:45 +0200 Subject: [PATCH] [Security Solution] Refactor prebuilt rules integration tests (#219831) **Related Epic:** https://github.com/elastic/kibana/issues/179907 ## Summary This PR refactors prebuilt rules integration tests structure to streamline the implementation of test plans targeted [Prebuilt Rules Customization Milestone 4](https://github.com/elastic/kibana/issues/179907). ## Details Existing integration tests structure have prebuilt rules related integration tests scattered around rules management area. Due to historical reasons and pace of the prebuilt rules customization development some old tests were updated, some new were added as random spots as well as some new tests structure was suggested. This PR moves files and some tests around to the following structure - `test_suites/detection_response/rules_management/prebuilt_rules` is the root folder for prebuilt rules related integration tests - `customization_disabled` subfolder contains prebuilt rules integration tests covering scenarios when users have **insufficient** for customization license level (basic/essentials) - `customization_enabled` subfolder contains prebuilt rules integration tests covering scenarios when users have **sufficient** for customization license level - `customization_disabled` and `customization_enabled` subfoldera have test suites grouped by sub domains - `prebuilt_rules_package` - contains integration tests related to detection rules Fleet package installation and updating, bootstrap is also belong to here - `install_prebuilt_rules` - contains tests related to prebuilt rules installation from prebuilt rule assets - `upgrade_prebuilt_rules` - contains tests related to prebuilt rules upgrade workflow - `customization` - contains tests related to prebuilt rules customization including `is_customized` calculation - `import_export` - contains tests related to exporting and importing customized and non-customized prebuilt rules - `status` - contain status endpoints related tests (cherry picked from commit 3ea69afa83b692e5d82a0a7bb6d8cd0be014022c) # Conflicts: # .buildkite/ftr_security_serverless_configs.yml # x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/index.ts # x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/is_customized_calculation.ts --- .../ftr_security_serverless_configs.yml | 16 +- .buildkite/ftr_security_stateful_configs.yml | 17 +- .../rule_assets/prebuilt_rule_asset.mock.ts | 1 + .../configs/serverless.config.ts | 29 -- .../configs/ess_basic_license.config.ts | 4 +- .../serverless_essentials_tier.config.ts | 4 +- .../customization/calculate_is_customized.ts} | 2 +- .../customize_via_bulk_editing.ts | 165 +++++++++++ .../customization}/index.ts | 5 +- .../import_export}/export_prebuilt_rules.ts | 8 +- .../import_export}/index.ts | 4 +- .../customization_disabled/index.ts | 17 ++ .../upgrade_prebuilt_rules}/index.ts | 8 +- .../upgrade_prebuilt_rules.ts} | 2 +- .../configs/ess.config.ts | 4 +- .../configs/serverless.config.ts | 4 +- .../customization/calculate_is_customized.ts | 199 ++++++++++++++ .../customize_prebuilt_rules.ts} | 4 +- .../customize_via_bulk_editing.ts | 106 +++++++ .../customization/index.ts | 14 + .../import_export/export_prebuilt_rules.ts} | 92 ++++++- .../import_export/import_prebuilt_rules.ts} | 50 +++- .../import_export/index.ts | 13 + .../customization_enabled/index.ts | 18 ++ .../install_prebuilt_rules/index.ts | 12 + .../install_mocked_prebuilt_rule_assets.ts} | 258 ++++++++++++------ .../configs/ess_air_gapped.config.ts} | 15 +- .../ess_air_gapped_large_package.config.ts} | 20 +- .../security_detection_engine-100.0.0.zip | Bin .../security_detection_engine-99.0.0.zip | Bin ...ecurity_detection_engine-99.0.1-beta.1.zip | Bin .../air_gapped/index.ts | 15 + .../air_gapped/install_bundled_package.ts} | 10 +- .../install_large_bundled_package.ts} | 8 +- .../air_gapped}/prerelease_packages.ts | 12 +- .../bootstrap_prebuilt_rules.ts | 0 .../prebuilt_rules_package}/index.ts | 7 +- .../install_package_from_epr.ts} | 2 +- .../prebuilt_rules_package/update_package.ts} | 2 +- .../status}/get_prebuilt_rules_status.ts | 0 .../customization_enabled/status/index.ts | 13 + .../legacy}/get_prebuilt_timelines_status.ts | 4 +- .../bulk_upgrade_all_prebuilt_rules.ts | 18 +- .../bulk_upgrade_selected_prebuilt_rules.ts | 18 +- .../common_fields/alert_suppression.ts | 14 +- .../common_fields/building_block.ts | 14 +- .../common_fields/configs/ess.config.ts | 4 +- .../configs/serverless.config.ts | 2 +- .../common_fields/data_source.ts | 28 +- .../common_fields/description.ts | 14 +- .../common_fields/false_positives.ts | 14 +- .../common_fields/index.ts | 0 .../common_fields/investigation_fields.ts | 14 +- .../common_fields/max_signals.ts | 14 +- .../common_fields/name.ts | 14 +- .../common_fields/note.ts | 14 +- .../common_fields/references.ts | 14 +- .../common_fields/related_integrations.ts | 14 +- .../common_fields/required_fields.ts | 14 +- .../common_fields/risk_score.ts | 14 +- .../common_fields/risk_score_mapping.ts | 14 +- .../common_fields/rule_name_override.ts | 14 +- .../common_fields/rule_schedule.ts | 14 +- .../common_fields/setup.ts | 14 +- .../common_fields/severity.ts | 14 +- .../common_fields/severity_mapping.ts | 14 +- .../common_fields/tags.ts | 14 +- .../common_fields/threat.ts | 14 +- .../common_fields/timeline_template.ts | 14 +- .../common_fields/timestamp_override.ts | 14 +- .../diffable_rule_fields/test_helpers.ts | 0 .../type_specific_fields/anomaly_threshold.ts | 14 +- .../configs/ess.config.ts | 4 +- .../configs/serverless.config.ts | 2 +- .../type_specific_fields/eql_query.ts | 14 +- .../type_specific_fields/esql_query.ts | 14 +- .../history_window_start.ts | 14 +- .../type_specific_fields/index.ts | 0 .../kql_query.inline_query.ts | 14 +- .../kql_query.saved_query.ts | 14 +- .../machine_learning_job_id.ts | 14 +- .../type_specific_fields/new_terms_fields.ts | 14 +- .../type_specific_fields/threat_index.ts | 14 +- .../threat_indicator_path.ts | 14 +- .../type_specific_fields/threat_mapping.ts | 14 +- .../type_specific_fields/threat_query.ts | 14 +- .../type_specific_fields/threshold.ts | 14 +- .../upgrade_prebuilt_rules}/index.ts | 9 +- .../review_prebuilt_rules_upgrade.ts} | 5 +- .../upgrade_single_prebuilt_rule.ts | 44 +-- .../configs/serverless.config.ts | 37 --- .../configs/ess.config.ts | 23 -- .../configs/serverless.config.ts | 16 -- .../trial_license_complete_tier/index.ts | 19 -- .../install_prebuilt_rules.ts | 132 --------- .../configs/ess_basic_license.config.ts | 25 -- .../serverless_essentials_tier.config.ts | 16 -- .../customization_enabled/index.ts | 19 -- .../is_customized_calculation.ts | 200 -------------- .../upgrade_prebuilt_rules/index.ts | 30 -- .../configs/ess.config.ts | 23 -- .../configs/serverless.config.ts | 16 -- .../perform_bulk_action.ts | 61 ----- .../perform_bulk_action_dry_run.ts | 32 +-- .../export_prebuilt_rules_feature_enabled.ts | 122 --------- ...wed_importing_customized_prebuilt_rules.ts | 73 ----- .../configs/ess_enterprise_license.config.ts | 25 -- .../serverless_complete_tier.config.ts | 16 -- .../feature_enabled/index.ts | 14 - ...importing_non_customized_prebuilt_rules.ts | 65 ----- .../configs/ess_basic_license.config.ts | 25 -- .../serverless_essentials_tier.config.ts | 16 -- .../feature_enabled/index.ts | 14 - .../import_rules.ts | 93 ------- .../get_rule_management_filters.ts | 7 +- .../create_prebuilt_rule_saved_objects.ts | 6 +- 116 files changed, 1277 insertions(+), 1636 deletions(-) delete mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/bundled_prebuilt_rules_package/trial_license_complete_tier/configs/serverless.config.ts rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/{rule_import_export/export_prebuilt_rules/feature_enabled => prebuilt_rules/customization_disabled}/configs/ess_basic_license.config.ts (76%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/{rule_import_export/export_prebuilt_rules/feature_enabled => prebuilt_rules/customization_disabled}/configs/serverless_essentials_tier.config.ts (62%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{prebuilt_rule_customization/customization_disabled/is_customized_calculation.ts => customization_disabled/customization/calculate_is_customized.ts} (97%) create mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/customization/customize_via_bulk_editing.ts rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{update_prebuilt_rules_package/trial_license_complete_tier => customization_disabled/customization}/index.ts (70%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{prebuilt_rule_customization/customization_disabled/rules_export => customization_disabled/import_export}/export_prebuilt_rules.ts (89%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{large_prebuilt_rules_package/trial_license_complete_tier => customization_disabled/import_export}/index.ts (69%) create mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/index.ts rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/{rule_import_export/export_prebuilt_rules/feature_enabled => prebuilt_rules/customization_disabled/upgrade_prebuilt_rules}/index.ts (60%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{prebuilt_rule_customization/customization_disabled/upgrade_perform_prebuilt_rules.ts => customization_disabled/upgrade_prebuilt_rules/upgrade_prebuilt_rules.ts} (97%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{prebuilt_rule_customization => }/customization_enabled/configs/ess.config.ts (78%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{prebuilt_rule_customization => }/customization_enabled/configs/serverless.config.ts (66%) create mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/calculate_is_customized.ts rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{prebuilt_rule_customization/customization_enabled/rule_customization.ts => customization_enabled/customization/customize_prebuilt_rules.ts} (99%) create mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/customize_via_bulk_editing.ts create mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/index.ts rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{prebuilt_rule_customization/customization_enabled/rules_export.ts => customization_enabled/import_export/export_prebuilt_rules.ts} (77%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{prebuilt_rule_customization/customization_enabled/import_rules.ts => customization_enabled/import_export/import_prebuilt_rules.ts} (88%) create mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/import_export/index.ts create mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/index.ts create mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/install_prebuilt_rules/index.ts rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{management/trial_license_complete_tier/install_prebuilt_rules_with_historical_versions.ts => customization_enabled/install_prebuilt_rules/install_mocked_prebuilt_rule_assets.ts} (50%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{bundled_prebuilt_rules_package/trial_license_complete_tier/configs/ess.config.ts => customization_enabled/prebuilt_rules_package/air_gapped/configs/ess_air_gapped.config.ts} (70%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{large_prebuilt_rules_package/trial_license_complete_tier/configs/ess.config.ts => customization_enabled/prebuilt_rules_package/air_gapped/configs/ess_air_gapped_large_package.config.ts} (66%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{large_prebuilt_rules_package/trial_license_complete_tier/fleet_bundled_packages/fixtures => customization_enabled/prebuilt_rules_package/air_gapped/fixtures/packages/large}/security_detection_engine-100.0.0.zip (100%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{bundled_prebuilt_rules_package/trial_license_complete_tier/fleet_bundled_packages/fixtures => customization_enabled/prebuilt_rules_package/air_gapped/fixtures/packages}/security_detection_engine-99.0.0.zip (100%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{bundled_prebuilt_rules_package/trial_license_complete_tier/fleet_bundled_packages/fixtures => customization_enabled/prebuilt_rules_package/air_gapped/fixtures/packages}/security_detection_engine-99.0.1-beta.1.zip (100%) create mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/air_gapped/index.ts rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{bundled_prebuilt_rules_package/trial_license_complete_tier/install_latest_bundled_prebuilt_rules.ts => customization_enabled/prebuilt_rules_package/air_gapped/install_bundled_package.ts} (92%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{large_prebuilt_rules_package/trial_license_complete_tier/install_large_prebuilt_rules_package.ts => customization_enabled/prebuilt_rules_package/air_gapped/install_large_bundled_package.ts} (86%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{bundled_prebuilt_rules_package/trial_license_complete_tier => customization_enabled/prebuilt_rules_package/air_gapped}/prerelease_packages.ts (92%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{management/trial_license_complete_tier => customization_enabled/prebuilt_rules_package}/bootstrap_prebuilt_rules.ts (100%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{bundled_prebuilt_rules_package/trial_license_complete_tier => customization_enabled/prebuilt_rules_package}/index.ts (63%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{management/trial_license_complete_tier/fleet_integration.ts => customization_enabled/prebuilt_rules_package/install_package_from_epr.ts} (97%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{update_prebuilt_rules_package/trial_license_complete_tier/update_prebuilt_rules_package.ts => customization_enabled/prebuilt_rules_package/update_package.ts} (99%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{management/trial_license_complete_tier => customization_enabled/status}/get_prebuilt_rules_status.ts (100%) create mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/status/index.ts rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{management/trial_license_complete_tier => customization_enabled/status/legacy}/get_prebuilt_timelines_status.ts (93%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{prebuilt_rule_customization => }/customization_enabled/upgrade_prebuilt_rules/bulk_upgrade_all_prebuilt_rules.ts (94%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{prebuilt_rule_customization => }/customization_enabled/upgrade_prebuilt_rules/bulk_upgrade_selected_prebuilt_rules.ts (95%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{prebuilt_rule_customization/customization_enabled => customization_enabled/upgrade_prebuilt_rules}/diffable_rule_fields/common_fields/alert_suppression.ts (94%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{prebuilt_rule_customization/customization_enabled => customization_enabled/upgrade_prebuilt_rules}/diffable_rule_fields/common_fields/building_block.ts (94%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{prebuilt_rule_customization/customization_enabled => customization_enabled/upgrade_prebuilt_rules}/diffable_rule_fields/common_fields/configs/ess.config.ts (84%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields => customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields}/configs/serverless.config.ts (80%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{prebuilt_rule_customization/customization_enabled => customization_enabled/upgrade_prebuilt_rules}/diffable_rule_fields/common_fields/data_source.ts (94%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{prebuilt_rule_customization/customization_enabled => customization_enabled/upgrade_prebuilt_rules}/diffable_rule_fields/common_fields/description.ts (95%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{prebuilt_rule_customization/customization_enabled => customization_enabled/upgrade_prebuilt_rules}/diffable_rule_fields/common_fields/false_positives.ts (94%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{prebuilt_rule_customization/customization_enabled => customization_enabled/upgrade_prebuilt_rules}/diffable_rule_fields/common_fields/index.ts (100%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{prebuilt_rule_customization/customization_enabled => customization_enabled/upgrade_prebuilt_rules}/diffable_rule_fields/common_fields/investigation_fields.ts (94%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{prebuilt_rule_customization/customization_enabled => customization_enabled/upgrade_prebuilt_rules}/diffable_rule_fields/common_fields/max_signals.ts (93%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{prebuilt_rule_customization/customization_enabled => customization_enabled/upgrade_prebuilt_rules}/diffable_rule_fields/common_fields/name.ts (93%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{prebuilt_rule_customization/customization_enabled => customization_enabled/upgrade_prebuilt_rules}/diffable_rule_fields/common_fields/note.ts (94%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{prebuilt_rule_customization/customization_enabled => customization_enabled/upgrade_prebuilt_rules}/diffable_rule_fields/common_fields/references.ts (94%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{prebuilt_rule_customization/customization_enabled => customization_enabled/upgrade_prebuilt_rules}/diffable_rule_fields/common_fields/related_integrations.ts (96%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{prebuilt_rule_customization/customization_enabled => customization_enabled/upgrade_prebuilt_rules}/diffable_rule_fields/common_fields/required_fields.ts (96%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{prebuilt_rule_customization/customization_enabled => customization_enabled/upgrade_prebuilt_rules}/diffable_rule_fields/common_fields/risk_score.ts (93%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{prebuilt_rule_customization/customization_enabled => customization_enabled/upgrade_prebuilt_rules}/diffable_rule_fields/common_fields/risk_score_mapping.ts (97%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{prebuilt_rule_customization/customization_enabled => customization_enabled/upgrade_prebuilt_rules}/diffable_rule_fields/common_fields/rule_name_override.ts (94%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{prebuilt_rule_customization/customization_enabled => customization_enabled/upgrade_prebuilt_rules}/diffable_rule_fields/common_fields/rule_schedule.ts (95%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{prebuilt_rule_customization/customization_enabled => customization_enabled/upgrade_prebuilt_rules}/diffable_rule_fields/common_fields/setup.ts (94%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{prebuilt_rule_customization/customization_enabled => customization_enabled/upgrade_prebuilt_rules}/diffable_rule_fields/common_fields/severity.ts (93%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{prebuilt_rule_customization/customization_enabled => customization_enabled/upgrade_prebuilt_rules}/diffable_rule_fields/common_fields/severity_mapping.ts (97%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{prebuilt_rule_customization/customization_enabled => customization_enabled/upgrade_prebuilt_rules}/diffable_rule_fields/common_fields/tags.ts (93%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{prebuilt_rule_customization/customization_enabled => customization_enabled/upgrade_prebuilt_rules}/diffable_rule_fields/common_fields/threat.ts (97%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{prebuilt_rule_customization/customization_enabled => customization_enabled/upgrade_prebuilt_rules}/diffable_rule_fields/common_fields/timeline_template.ts (95%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{prebuilt_rule_customization/customization_enabled => customization_enabled/upgrade_prebuilt_rules}/diffable_rule_fields/common_fields/timestamp_override.ts (94%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{prebuilt_rule_customization/customization_enabled => customization_enabled/upgrade_prebuilt_rules}/diffable_rule_fields/test_helpers.ts (100%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{prebuilt_rule_customization/customization_enabled => customization_enabled/upgrade_prebuilt_rules}/diffable_rule_fields/type_specific_fields/anomaly_threshold.ts (94%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{prebuilt_rule_customization/customization_enabled => customization_enabled/upgrade_prebuilt_rules}/diffable_rule_fields/type_specific_fields/configs/ess.config.ts (84%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields => customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields}/configs/serverless.config.ts (80%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{prebuilt_rule_customization/customization_enabled => customization_enabled/upgrade_prebuilt_rules}/diffable_rule_fields/type_specific_fields/eql_query.ts (96%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{prebuilt_rule_customization/customization_enabled => customization_enabled/upgrade_prebuilt_rules}/diffable_rule_fields/type_specific_fields/esql_query.ts (95%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{prebuilt_rule_customization/customization_enabled => customization_enabled/upgrade_prebuilt_rules}/diffable_rule_fields/type_specific_fields/history_window_start.ts (94%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{prebuilt_rule_customization/customization_enabled => customization_enabled/upgrade_prebuilt_rules}/diffable_rule_fields/type_specific_fields/index.ts (100%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{prebuilt_rule_customization/customization_enabled => customization_enabled/upgrade_prebuilt_rules}/diffable_rule_fields/type_specific_fields/kql_query.inline_query.ts (97%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{prebuilt_rule_customization/customization_enabled => customization_enabled/upgrade_prebuilt_rules}/diffable_rule_fields/type_specific_fields/kql_query.saved_query.ts (95%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{prebuilt_rule_customization/customization_enabled => customization_enabled/upgrade_prebuilt_rules}/diffable_rule_fields/type_specific_fields/machine_learning_job_id.ts (94%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{prebuilt_rule_customization/customization_enabled => customization_enabled/upgrade_prebuilt_rules}/diffable_rule_fields/type_specific_fields/new_terms_fields.ts (94%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{prebuilt_rule_customization/customization_enabled => customization_enabled/upgrade_prebuilt_rules}/diffable_rule_fields/type_specific_fields/threat_index.ts (94%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{prebuilt_rule_customization/customization_enabled => customization_enabled/upgrade_prebuilt_rules}/diffable_rule_fields/type_specific_fields/threat_indicator_path.ts (94%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{prebuilt_rule_customization/customization_enabled => customization_enabled/upgrade_prebuilt_rules}/diffable_rule_fields/type_specific_fields/threat_mapping.ts (96%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{prebuilt_rule_customization/customization_enabled => customization_enabled/upgrade_prebuilt_rules}/diffable_rule_fields/type_specific_fields/threat_query.ts (96%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{prebuilt_rule_customization/customization_enabled => customization_enabled/upgrade_prebuilt_rules}/diffable_rule_fields/type_specific_fields/threshold.ts (94%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{prebuilt_rule_customization/customization_disabled => customization_enabled/upgrade_prebuilt_rules}/index.ts (54%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{prebuilt_rule_customization/customization_enabled/preview_prebuilt_rules_upgrade.ts => customization_enabled/upgrade_prebuilt_rules/review_prebuilt_rules_upgrade.ts} (98%) rename x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/{prebuilt_rule_customization => }/customization_enabled/upgrade_prebuilt_rules/upgrade_single_prebuilt_rule.ts (93%) delete mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/large_prebuilt_rules_package/trial_license_complete_tier/configs/serverless.config.ts delete mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/configs/ess.config.ts delete mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/configs/serverless.config.ts delete mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/index.ts delete mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/install_prebuilt_rules.ts delete mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/ess_basic_license.config.ts delete mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/serverless_essentials_tier.config.ts delete mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/index.ts delete mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/is_customized_calculation.ts delete mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/upgrade_prebuilt_rules/index.ts delete mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/update_prebuilt_rules_package/trial_license_complete_tier/configs/ess.config.ts delete mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/update_prebuilt_rules_package/trial_license_complete_tier/configs/serverless.config.ts delete mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/export_prebuilt_rules_feature_enabled.ts delete mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/allowed_importing_customized_prebuilt_rules.ts delete mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/configs/ess_enterprise_license.config.ts delete mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/configs/serverless_complete_tier.config.ts delete mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/index.ts delete mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/allowed_importing_non_customized_prebuilt_rules.ts delete mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/configs/ess_basic_license.config.ts delete mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/configs/serverless_essentials_tier.config.ts delete mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/index.ts diff --git a/.buildkite/ftr_security_serverless_configs.yml b/.buildkite/ftr_security_serverless_configs.yml index 90911fadac914..c40857418320d 100644 --- a/.buildkite/ftr_security_serverless_configs.yml +++ b/.buildkite/ftr_security_serverless_configs.yml @@ -16,7 +16,6 @@ disabled: # MKI only configs files - x-pack/test_serverless/functional/test_suites/security/config.mki_only.ts - - x-pack/test_serverless/api_integration/test_suites/security/config.ts - x-pack/test_serverless/api_integration/test_suites/security/config.feature_flags.ts - x-pack/test_serverless/api_integration/test_suites/security/common_configs/config.group1.ts @@ -71,22 +70,15 @@ disabled: - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/basic_license_essentials_tier/configs/serverless.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/trial_license_complete_tier/configs/serverless.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/basic_license_essentials_tier/configs/serverless.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/bundled_prebuilt_rules_package/trial_license_complete_tier/configs/serverless.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/large_prebuilt_rules_package/trial_license_complete_tier/configs/serverless.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/configs/serverless.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/update_prebuilt_rules_package/trial_license_complete_tier/configs/serverless.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/configs/serverless.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/configs/serverless.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/configs/serverless.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/serverless_essentials_tier.config.ts + - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/configs/serverless_essentials_tier.config.ts + - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/configs/serverless.config.ts + - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/configs/serverless.config.ts + - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/configs/serverless.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/configs/serverless.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/configs/serverless.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/basic_license_essentials_tier/configs/serverless.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/trial_license_complete_tier/configs/serverless.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/basic_license_essentials_tier/configs/serverless.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/configs/serverless_essentials_tier.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/configs/serverless_complete_tier.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/configs/serverless_essentials_tier.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_management/basic_license_essentials_tier/configs/serverless.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_management/trial_license_complete_tier/configs/serverless.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/configs/serverless.config.ts diff --git a/.buildkite/ftr_security_stateful_configs.yml b/.buildkite/ftr_security_stateful_configs.yml index c810b4f063571..839e2a3f341bc 100644 --- a/.buildkite/ftr_security_stateful_configs.yml +++ b/.buildkite/ftr_security_stateful_configs.yml @@ -57,23 +57,18 @@ enabled: - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/basic_license_essentials_tier/configs/ess.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/trial_license_complete_tier/configs/ess.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/basic_license_essentials_tier/configs/ess.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/bundled_prebuilt_rules_package/trial_license_complete_tier/configs/ess.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/large_prebuilt_rules_package/trial_license_complete_tier/configs/ess.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/configs/ess.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/update_prebuilt_rules_package/trial_license_complete_tier/configs/ess.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/configs/ess.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/configs/ess.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/configs/ess.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/ess_basic_license.config.ts + - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/configs/ess_basic_license.config.ts + - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/configs/ess.config.ts + - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/configs/ess.config.ts + - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/configs/ess.config.ts + - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/air_gapped/configs/ess_air_gapped_large_package.config.ts + - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/air_gapped/configs/ess_air_gapped.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/configs/ess.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/configs/ess.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/basic_license_essentials_tier/configs/ess.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/trial_license_complete_tier/configs/ess.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/basic_license_essentials_tier/configs/ess.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_management/basic_license_essentials_tier/configs/ess.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/configs/ess_basic_license.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/configs/ess_enterprise_license.config.ts - - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/configs/ess_basic_license.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_management/trial_license_complete_tier/configs/ess.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/configs/ess.config.ts - x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/basic_license_essentials_tier/configs/ess.config.ts diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/model/rule_assets/prebuilt_rule_asset.mock.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/model/rule_assets/prebuilt_rule_asset.mock.ts index 2b5d1d4701d7a..c75382295f619 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/model/rule_assets/prebuilt_rule_asset.mock.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/model/rule_assets/prebuilt_rule_asset.mock.ts @@ -33,6 +33,7 @@ export const getPrebuiltRuleMock = (rewrites?: Partial): Preb version: 1, author: [], license: 'Elastic License v2', + index: ['index-1', 'index-2'], ...rewrites, }); }; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/bundled_prebuilt_rules_package/trial_license_complete_tier/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/bundled_prebuilt_rules_package/trial_license_complete_tier/configs/serverless.config.ts deleted file mode 100644 index 2930438a76a0d..0000000000000 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/bundled_prebuilt_rules_package/trial_license_complete_tier/configs/serverless.config.ts +++ /dev/null @@ -1,29 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import path from 'path'; -import { createTestConfig } from '../../../../../../../config/serverless/config.base'; - -export const BUNDLED_PACKAGE_DIR = path.join( - path.dirname(__filename), - './../fleet_bundled_packages/fixtures' -); -export default createTestConfig({ - testFiles: [require.resolve('..')], - junit: { - reportName: - 'Rules Management - Bundled Prebuilt Rules Integration Tests - Serverless Env - Complete License', - }, - kbnTestServerArgs: [ - /* Tests in this directory simulate an air-gapped environment in which the instance doesn't have access to EPR. - * To do that, we point the Fleet url to an invalid URL, and instruct Fleet to fetch bundled packages at the - * location defined in BUNDLED_PACKAGE_DIR. - */ - `--xpack.fleet.registryUrl=http://invalidURL:8080`, - `--xpack.fleet.developer.bundledPackageLocation=${BUNDLED_PACKAGE_DIR}`, - ], -}); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/configs/ess_basic_license.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/configs/ess_basic_license.config.ts similarity index 76% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/configs/ess_basic_license.config.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/configs/ess_basic_license.config.ts index e72ae9a45ecb4..f120009a5e89b 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/configs/ess_basic_license.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/configs/ess_basic_license.config.ts @@ -9,7 +9,7 @@ import { FtrConfigProviderContext } from '@kbn/test'; export default async function ({ readConfigFile }: FtrConfigProviderContext) { const functionalConfig = await readConfigFile( - require.resolve('../../../../../../../config/ess/config.base.trial') + require.resolve('../../../../../../config/ess/config.base.basic') ); const testConfig = { @@ -17,7 +17,7 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { testFiles: [require.resolve('..')], junit: { reportName: - 'Rules Management - Prebuilt Rule Export Integration Tests - Customization enabled - ESS Env', + 'Rules Management - Prebuilt Rules (Customization Disabled) Integration Tests - ESS Env Basic License', }, }; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/configs/serverless_essentials_tier.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/configs/serverless_essentials_tier.config.ts similarity index 62% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/configs/serverless_essentials_tier.config.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/configs/serverless_essentials_tier.config.ts index ac783accd0b12..741d45f9adac9 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/configs/serverless_essentials_tier.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/configs/serverless_essentials_tier.config.ts @@ -5,12 +5,12 @@ * 2.0. */ -import { createTestConfig } from '../../../../../../../config/serverless/config.base.essentials'; +import { createTestConfig } from '../../../../../../config/serverless/config.base.essentials'; export default createTestConfig({ testFiles: [require.resolve('..')], junit: { reportName: - 'Rules Management - Prebuilt Rule Export Integration Tests - Customization enabled - Serverless Env', + 'Rules Management - Prebuilt Rules (Customization Disabled) Integration Tests - Serverless Env Essentials Tier', }, }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/is_customized_calculation.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/customization/calculate_is_customized.ts similarity index 97% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/is_customized_calculation.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/customization/calculate_is_customized.ts index e598f1c59fe2c..6f42b26bc6441 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/is_customized_calculation.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/customization/calculate_is_customized.ts @@ -29,7 +29,7 @@ export default ({ getService }: FtrProviderContext) => { rule_id: 'test-rule-id', }); - describe('@ess @serverless @skipInServerlessMKI is_customized calculation with disabled customization', () => { + describe('@ess @serverless @skipInServerlessMKI Calculate "is_customized"', () => { beforeEach(async () => { await deleteAllRules(supertest, log); await deleteAllPrebuiltRuleAssets(es, log); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/customization/customize_via_bulk_editing.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/customization/customize_via_bulk_editing.ts new file mode 100644 index 0000000000000..7784d1c77073e --- /dev/null +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/customization/customize_via_bulk_editing.ts @@ -0,0 +1,165 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import expect from 'expect'; +import { + BulkActionTypeEnum, + BulkActionEditTypeEnum, + BulkActionEditPayload, +} from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management'; +import { installMockPrebuiltRules } from '../../../../utils'; +import { FtrProviderContext } from '../../../../../../ftr_provider_context'; + +export default ({ getService }: FtrProviderContext): void => { + const supertest = getService('supertest'); + const es = getService('es'); + const securitySolutionApi = getService('securitySolutionApi'); + + const fetchPrebuiltRule = async () => { + const { + body: { + data: [prebuiltRule], + }, + } = await securitySolutionApi.findRules({ + query: { + filter: 'alert.attributes.params.immutable: true', + per_page: 1, + }, + }); + + return prebuiltRule; + }; + + describe('@ess @serverless @skipInServerless Customize via bulk editing', () => { + const bulkEditingCases = [ + { + type: BulkActionEditTypeEnum.add_tags, + value: ['new-tag'], + }, + { + type: BulkActionEditTypeEnum.set_tags, + value: ['new-tag'], + }, + { + type: BulkActionEditTypeEnum.delete_tags, + value: ['new-tag'], + }, + { + type: BulkActionEditTypeEnum.add_index_patterns, + value: ['test-*'], + }, + { + type: BulkActionEditTypeEnum.set_index_patterns, + value: ['test-*'], + }, + { + type: BulkActionEditTypeEnum.delete_index_patterns, + // We have to make sure rule has non empty index patterns after this action + // otherwise API returns 500 error + value: ['unknown-*'], + }, + { + type: BulkActionEditTypeEnum.set_timeline, + value: { timeline_id: 'mock-id', timeline_title: 'mock-title' }, + }, + { + type: BulkActionEditTypeEnum.set_schedule, + value: { interval: '1m', lookback: '1m' }, + }, + ]; + + bulkEditingCases.forEach(({ type, value }) => { + it(`returns an error after applying "${type}" bulk edit action to prebuilt rules`, async () => { + await installMockPrebuiltRules(supertest, es); + + const prebuiltRule = await fetchPrebuiltRule(); + + await securitySolutionApi + .performRulesBulkAction({ + query: {}, + body: { + ids: [prebuiltRule.id], + action: BulkActionTypeEnum.edit, + [BulkActionTypeEnum.edit]: [ + { + type, + value, + } as BulkActionEditPayload, + ], + }, + }) + .expect(500); + }); + }); + + // if rule action is applied together with another edit action, that can't be applied to prebuilt rule (for example: tags action) + // bulk edit request should return error + it(`returns an error if one of edit action is not eligible for prebuilt rule`, async () => { + const webHookAction = { + // Higher license level is required for creating connectors + // Using the pre-configured connector for testing + id: 'my-test-email', + group: 'default', + params: { + body: '{"test":"action to be saved in a rule"}', + }, + }; + + await installMockPrebuiltRules(supertest, es); + const prebuiltRule = await fetchPrebuiltRule(); + + const { body } = await securitySolutionApi + .performRulesBulkAction({ + query: {}, + body: { + ids: [prebuiltRule.id], + action: BulkActionTypeEnum.edit, + [BulkActionTypeEnum.edit]: [ + { + type: BulkActionEditTypeEnum.set_rule_actions, + value: { + throttle: '1h', + actions: [webHookAction], + }, + }, + { + type: BulkActionEditTypeEnum.set_tags, + value: ['tag-1'], + }, + ], + }, + }) + .expect(500); + + expect(body.attributes.summary).toEqual({ + failed: 1, + skipped: 0, + succeeded: 0, + total: 1, + }); + expect(body.attributes.errors[0]).toEqual({ + message: "Elastic rule can't be edited", + status_code: 500, + rules: [ + { + id: prebuiltRule.id, + name: prebuiltRule.name, + }, + ], + }); + + // Check that the updates were not made + const { body: readRule } = await securitySolutionApi + .readRule({ query: { rule_id: prebuiltRule.rule_id } }) + .expect(200); + + expect(readRule.actions).toEqual(prebuiltRule.actions); + expect(readRule.tags).toEqual(prebuiltRule.tags); + expect(readRule.version).toBe(prebuiltRule.version); + }); + }); +}; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/update_prebuilt_rules_package/trial_license_complete_tier/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/customization/index.ts similarity index 70% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/update_prebuilt_rules_package/trial_license_complete_tier/index.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/customization/index.ts index 61c3437518100..c5b37f0817a3a 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/update_prebuilt_rules_package/trial_license_complete_tier/index.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/customization/index.ts @@ -8,7 +8,6 @@ import { FtrProviderContext } from '../../../../../../ftr_provider_context'; export default ({ loadTestFile }: FtrProviderContext): void => { - describe('Rules Management - Prebuilt Rules - Update Prebuilt Rules Package', function () { - loadTestFile(require.resolve('./update_prebuilt_rules_package')); - }); + loadTestFile(require.resolve('./calculate_is_customized')); + loadTestFile(require.resolve('./customize_via_bulk_editing')); }; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/rules_export/export_prebuilt_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/import_export/export_prebuilt_rules.ts similarity index 89% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/rules_export/export_prebuilt_rules.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/import_export/export_prebuilt_rules.ts index b462824541e54..c3a39540a7cfd 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/rules_export/export_prebuilt_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/import_export/export_prebuilt_rules.ts @@ -7,7 +7,7 @@ import expect from 'expect'; import { BulkActionTypeEnum } from '@kbn/security-solution-plugin/common/api/detection_engine'; -import { FtrProviderContext } from '../../../../../../../ftr_provider_context'; +import { FtrProviderContext } from '../../../../../../ftr_provider_context'; import { binaryToString, createPrebuiltRuleAssetSavedObjects, @@ -15,8 +15,8 @@ import { deleteAllPrebuiltRuleAssets, installPrebuiltRules, parseNdJson, -} from '../../../../../utils'; -import { deleteAllRules } from '../../../../../../../../common/utils/security_solution'; +} from '../../../../utils'; +import { deleteAllRules } from '../../../../../../../common/utils/security_solution'; export default ({ getService }: FtrProviderContext): void => { const es = getService('es'); @@ -24,7 +24,7 @@ export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); const log = getService('log'); - describe('@ess @serverless @skipInServerlessMKI Prebuilt rule export - feature disabled', () => { + describe('@ess @serverless @skipInServerlessMKI Prebuilt rules export', () => { beforeEach(async () => { await deleteAllRules(supertest, log); await deleteAllPrebuiltRuleAssets(es, log); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/large_prebuilt_rules_package/trial_license_complete_tier/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/import_export/index.ts similarity index 69% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/large_prebuilt_rules_package/trial_license_complete_tier/index.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/import_export/index.ts index 8a43cdafeb3e6..7be3a406d0481 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/large_prebuilt_rules_package/trial_license_complete_tier/index.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/import_export/index.ts @@ -8,7 +8,5 @@ import { FtrProviderContext } from '../../../../../../ftr_provider_context'; export default ({ loadTestFile }: FtrProviderContext): void => { - describe('Rules Management - Prebuilt Rules - Large Prebuilt Rules Package', function () { - loadTestFile(require.resolve('./install_large_prebuilt_rules_package')); - }); + loadTestFile(require.resolve('./export_prebuilt_rules')); }; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/index.ts new file mode 100644 index 0000000000000..55c615a11c895 --- /dev/null +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/index.ts @@ -0,0 +1,17 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { FtrProviderContext } from '../../../../../ftr_provider_context'; + +export default ({ loadTestFile }: FtrProviderContext): void => { + describe('Rules Management - Prebuilt Rules - Prebuilt Rule (Customization Disabled)', function () { + this.tags('skipFIPS'); + loadTestFile(require.resolve('./customization')); + loadTestFile(require.resolve('./import_export')); + loadTestFile(require.resolve('./upgrade_prebuilt_rules')); + }); +}; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/upgrade_prebuilt_rules/index.ts similarity index 60% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/index.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/upgrade_prebuilt_rules/index.ts index fdc218eed10d9..8d96ac6c1f4f5 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/index.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/upgrade_prebuilt_rules/index.ts @@ -7,8 +7,6 @@ import { FtrProviderContext } from '../../../../../../ftr_provider_context'; -export default function ({ loadTestFile }: FtrProviderContext) { - describe('Rules Management - Prebuilt rule export', function () { - loadTestFile(require.resolve('./export_prebuilt_rules_feature_enabled')); - }); -} +export default ({ loadTestFile }: FtrProviderContext): void => { + loadTestFile(require.resolve('./upgrade_prebuilt_rules')); +}; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/upgrade_perform_prebuilt_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/upgrade_prebuilt_rules/upgrade_prebuilt_rules.ts similarity index 97% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/upgrade_perform_prebuilt_rules.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/upgrade_prebuilt_rules/upgrade_prebuilt_rules.ts index 26362f7b8faaa..7247f7de8d37a 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/upgrade_perform_prebuilt_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/upgrade_prebuilt_rules/upgrade_prebuilt_rules.ts @@ -43,7 +43,7 @@ export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); const log = getService('log'); - describe('@ess @serverless @skipInServerlessMKI Perform Prebuilt Rule Upgrades - Customization Disabled', () => { + describe('@ess @serverless @skipInServerlessMKI Upgrade prebuilt rules', () => { beforeEach(async () => { await deleteAllRules(supertest, log); await deleteAllPrebuiltRuleAssets(es, log); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/configs/ess.config.ts similarity index 78% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/configs/ess.config.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/configs/ess.config.ts index a4b57fbb77ea9..b1534cd748066 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/configs/ess.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/configs/ess.config.ts @@ -9,7 +9,7 @@ import { FtrConfigProviderContext } from '@kbn/test'; export default async function ({ readConfigFile }: FtrConfigProviderContext) { const functionalConfig = await readConfigFile( - require.resolve('../../../../../../../config/ess/config.base.trial') + require.resolve('../../../../../../config/ess/config.base.trial') ); const testConfig = { @@ -17,7 +17,7 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { testFiles: [require.resolve('..')], junit: { reportName: - 'Rules Management - Prebuilt Rule Customization Enabled Integration Tests - ESS Env', + 'Rules Management - Prebuilt Rules (Customization Enabled) Integration Tests - ESS Env', }, }; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/configs/serverless.config.ts similarity index 66% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/configs/serverless.config.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/configs/serverless.config.ts index e9d65f209eb70..662cae940c712 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/configs/serverless.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/configs/serverless.config.ts @@ -5,12 +5,12 @@ * 2.0. */ -import { createTestConfig } from '../../../../../../../config/serverless/config.base'; +import { createTestConfig } from '../../../../../../config/serverless/config.base'; export default createTestConfig({ testFiles: [require.resolve('..')], junit: { reportName: - 'Rules Management - Prebuilt Rule Customization Enabled Integration Tests - Serverless Env', + 'Rules Management - Prebuilt Rules (Customization Enabled) Integration Tests - Serverless Env', }, }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/calculate_is_customized.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/calculate_is_customized.ts new file mode 100644 index 0000000000000..38f75baaed2b6 --- /dev/null +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/calculate_is_customized.ts @@ -0,0 +1,199 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import expect from 'expect'; +import { + BulkActionEditTypeEnum, + BulkActionTypeEnum, +} from '@kbn/security-solution-plugin/common/api/detection_engine'; +import { deleteAllRules } from '../../../../../../../common/utils/security_solution'; +import { FtrProviderContext } from '../../../../../../ftr_provider_context'; +import { + createPrebuiltRuleAssetSavedObjects, + createRuleAssetSavedObject, + deleteAllPrebuiltRuleAssets, + installPrebuiltRules, +} from '../../../../utils'; + +export default ({ getService }: FtrProviderContext): void => { + const es = getService('es'); + const supertest = getService('supertest'); + const securitySolutionApi = getService('securitySolutionApi'); + const log = getService('log'); + + const ruleAsset = createRuleAssetSavedObject({ + rule_id: '000047bb-b27a-47ec-8b62-ef1a5d2c9e19', + tags: ['test-tag'], + }); + + describe('@ess @serverless @skipInServerlessMKI Calculate "is_customized"', () => { + beforeEach(async () => { + await deleteAllRules(supertest, log); + await deleteAllPrebuiltRuleAssets(es, log); + }); + + it('sets "is_customized" to true on bulk prebuilt rule modification', async () => { + await createPrebuiltRuleAssetSavedObjects(es, [ruleAsset]); + await installPrebuiltRules(es, supertest); + + const { body: findResult } = await securitySolutionApi + .findRules({ + query: { + per_page: 1, + filter: `alert.attributes.params.immutable: true`, + }, + }) + .expect(200); + const prebuiltRule = findResult.data[0]; + expect(prebuiltRule).toBeDefined(); + expect(prebuiltRule.rule_source.is_customized).toEqual(false); + + const { body: bulkResult } = await securitySolutionApi + .performRulesBulkAction({ + query: {}, + body: { + ids: [prebuiltRule.id], + action: BulkActionTypeEnum.edit, + [BulkActionTypeEnum.edit]: [ + { + type: BulkActionEditTypeEnum.add_tags, + value: ['new-tag'], + }, + ], + }, + }) + .expect(200); + + expect(bulkResult.attributes.summary).toEqual({ + failed: 0, + skipped: 0, + succeeded: 1, + total: 1, + }); + expect(bulkResult.attributes.results.updated[0].rule_source.is_customized).toEqual(true); + }); + + it('leaves "is_customized" intact if the change has been skipped', async () => { + await createPrebuiltRuleAssetSavedObjects(es, [ruleAsset]); + await installPrebuiltRules(es, supertest); + + const { body: findResult } = await securitySolutionApi + .findRules({ + query: { + per_page: 1, + filter: `alert.attributes.params.immutable: true`, + }, + }) + .expect(200); + const prebuiltRule = findResult.data[0]; + expect(prebuiltRule).toBeDefined(); + expect(prebuiltRule.rule_source.is_customized).toEqual(false); + + const { body: bulkResult } = await securitySolutionApi + .performRulesBulkAction({ + query: {}, + body: { + ids: [prebuiltRule.id], + action: BulkActionTypeEnum.edit, + [BulkActionTypeEnum.edit]: [ + { + type: BulkActionEditTypeEnum.add_tags, + // This tag is already present on the rule, so the change will be skipped + value: [prebuiltRule.tags[0]], + }, + ], + }, + }) + .expect(200); + + expect(bulkResult.attributes.summary).toEqual({ + failed: 0, + skipped: 1, + succeeded: 0, + total: 1, + }); + + // Check that the rule has not been customized + const { body: findResultAfter } = await securitySolutionApi + .findRules({ + query: { + per_page: 1, + filter: `alert.attributes.params.immutable: true`, + }, + }) + .expect(200); + expect(findResultAfter.data[0].rule_source.is_customized).toEqual(false); + }); + + it('sets "is_customized" to false if the change has been reverted', async () => { + await createPrebuiltRuleAssetSavedObjects(es, [ruleAsset]); + await installPrebuiltRules(es, supertest); + + const { body: findResult } = await securitySolutionApi + .findRules({ + query: { + per_page: 1, + filter: `alert.attributes.params.immutable: true`, + }, + }) + .expect(200); + const prebuiltRule = findResult.data[0]; + expect(prebuiltRule).toBeDefined(); + expect(prebuiltRule.rule_source.is_customized).toEqual(false); + + // Add a tag to the rule + const { body: bulkResult } = await securitySolutionApi + .performRulesBulkAction({ + query: {}, + body: { + ids: [prebuiltRule.id], + action: BulkActionTypeEnum.edit, + [BulkActionTypeEnum.edit]: [ + { + type: BulkActionEditTypeEnum.add_tags, + value: ['new-tag'], + }, + ], + }, + }) + .expect(200); + + expect(bulkResult.attributes.summary).toEqual({ + failed: 0, + skipped: 0, + succeeded: 1, + total: 1, + }); + + // Remove the added tag + const { body: revertResult } = await securitySolutionApi + .performRulesBulkAction({ + query: {}, + body: { + ids: [prebuiltRule.id], + action: BulkActionTypeEnum.edit, + [BulkActionTypeEnum.edit]: [ + { + type: BulkActionEditTypeEnum.delete_tags, + value: ['new-tag'], + }, + ], + }, + }) + .expect(200); + + expect(revertResult.attributes.summary).toEqual({ + failed: 0, + skipped: 0, + succeeded: 1, + total: 1, + }); + + expect(revertResult.attributes.results.updated[0].rule_source.is_customized).toEqual(false); + }); + }); +}; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/rule_customization.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/customize_prebuilt_rules.ts similarity index 99% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/rule_customization.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/customize_prebuilt_rules.ts index 05eb432698b1d..d1b431898b1ca 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/rule_customization.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/customize_prebuilt_rules.ts @@ -29,7 +29,7 @@ export default ({ getService }: FtrProviderContext): void => { rule_id: 'rule_1', }); - describe('@ess @serverless @skipInServerlessMKI rule customization', () => { + describe('@ess @serverless @skipInServerlessMKI Customize prebuilt rules', () => { before(async () => { await deleteAllRules(supertest, log); await deleteAllPrebuiltRuleAssets(es, log); @@ -389,7 +389,7 @@ export default ({ getService }: FtrProviderContext): void => { it('data_view_id field', async () => { const { body } = await securitySolutionApi .patchRule({ - body: { rule_id: 'rule_1', data_view_id: 'new-data-view', index: undefined }, + body: { rule_id: 'rule_1', data_view_id: 'new-data-view', index: [] }, }) .expect(200); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/customize_via_bulk_editing.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/customize_via_bulk_editing.ts new file mode 100644 index 0000000000000..208986ba0d45e --- /dev/null +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/customize_via_bulk_editing.ts @@ -0,0 +1,106 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import expect from 'expect'; +import { + BulkActionTypeEnum, + BulkActionEditTypeEnum, + BulkActionEditPayload, +} from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management'; +import { deleteAllRules } from '../../../../../../../common/utils/security_solution'; +import { deleteAllPrebuiltRuleAssets, installMockPrebuiltRules } from '../../../../utils'; +import { FtrProviderContext } from '../../../../../../ftr_provider_context'; + +export default ({ getService }: FtrProviderContext): void => { + const supertest = getService('supertest'); + const es = getService('es'); + const securitySolutionApi = getService('securitySolutionApi'); + const log = getService('log'); + + describe('@ess @serverless @skipInServerless Customize via bulk editing', () => { + before(async () => { + await deleteAllRules(supertest, log); + await deleteAllPrebuiltRuleAssets(es, log); + }); + + const bulkEditingCases = [ + { + type: BulkActionEditTypeEnum.add_tags, + value: ['new-tag'], + }, + { + type: BulkActionEditTypeEnum.set_tags, + value: ['new-tag'], + }, + { + type: BulkActionEditTypeEnum.delete_tags, + value: ['test-tag'], + }, + { + type: BulkActionEditTypeEnum.delete_index_patterns, + // Testing index pattern removal requires as minimum of two index patterns + // to have a valid rule after the edit. + value: ['index-1'], + }, + { + type: BulkActionEditTypeEnum.add_index_patterns, + value: ['test-*'], + }, + { + type: BulkActionEditTypeEnum.set_index_patterns, + value: ['test-*'], + }, + { + type: BulkActionEditTypeEnum.set_timeline, + value: { timeline_id: 'mock-id', timeline_title: 'mock-title' }, + }, + { + type: BulkActionEditTypeEnum.set_schedule, + value: { interval: '1m', lookback: '1m' }, + }, + ]; + + bulkEditingCases.forEach(({ type, value }) => { + it(`applies "${type}" bulk edit action to prebuilt rules`, async () => { + await installMockPrebuiltRules(supertest, es); + + const { + body: { + data: [prebuiltRule], + }, + } = await securitySolutionApi.findRules({ + query: { + filter: 'alert.attributes.params.immutable: true', + per_page: 1, + }, + }); + + const { body } = await securitySolutionApi + .performRulesBulkAction({ + query: {}, + body: { + ids: [prebuiltRule.id], + action: BulkActionTypeEnum.edit, + [BulkActionTypeEnum.edit]: [ + { + type, + value, + } as BulkActionEditPayload, + ], + }, + }) + .expect(200); + + expect(body).toMatchObject({ + success: true, + rules_count: 1, + }); + expect(body.attributes.summary).toMatchObject({ succeeded: 1, total: 1 }); + }); + }); + }); +}; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/index.ts new file mode 100644 index 0000000000000..645e840fbf146 --- /dev/null +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/index.ts @@ -0,0 +1,14 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { FtrProviderContext } from '../../../../../../ftr_provider_context'; + +export default ({ loadTestFile }: FtrProviderContext): void => { + loadTestFile(require.resolve('./calculate_is_customized')); + loadTestFile(require.resolve('./customize_prebuilt_rules')); + loadTestFile(require.resolve('./customize_via_bulk_editing')); +}; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/rules_export.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/import_export/export_prebuilt_rules.ts similarity index 77% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/rules_export.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/import_export/export_prebuilt_rules.ts index 729bd7849cd06..c2ca11de4d638 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/rules_export.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/import_export/export_prebuilt_rules.ts @@ -39,13 +39,13 @@ export default ({ getService }: FtrProviderContext): void => { * This test suite is skipped in Serverless MKI environments due to reliance on the * feature flag for prebuilt rule customization. */ - describe('@ess @serverless @skipInServerlessMKI Exporting Rules with Prebuilt Rule Customization', () => { + describe('@ess @serverless @skipInServerlessMKI Export prebuilt rules', () => { beforeEach(async () => { await deleteAllPrebuiltRuleAssets(es, log); await deleteAllRules(supertest, log); }); - it('exports a set of custom installed rules via the _export API', async () => { + it('exports a set of custom rules via the _export API', async () => { await Promise.all([ securitySolutionApi .createRule({ body: getCustomQueryRuleParams({ rule_id: 'rule-id-1' }) }) @@ -98,7 +98,7 @@ export default ({ getService }: FtrProviderContext): void => { await installPrebuiltRules(es, supertest); }); - it('exports a set of prebuilt installed rules via the _export API', async () => { + it('exports a set of non-customized prebuilt rules via the _export API', async () => { const { body: exportResult } = await securitySolutionApi .exportRules({ query: {}, body: null }) .expect(200) @@ -124,17 +124,18 @@ export default ({ getService }: FtrProviderContext): void => { }), ]) ); + }); - const [firstExportedRule, secondExportedRule] = parsedExportResult as Array<{ - id: string; - rule_id: string; - }>; + it('exports a set of customized prebuilt rules via the _export API', async () => { + const { + body: { data: rules }, + } = await securitySolutionApi.findRules({ query: {} }).expect(200); const { body: bulkEditResult } = await securitySolutionApi .performRulesBulkAction({ query: {}, body: { - ids: [firstExportedRule.id], + ids: [rules[0].id], action: BulkActionTypeEnum.edit, [BulkActionTypeEnum.edit]: [ { @@ -164,14 +165,14 @@ export default ({ getService }: FtrProviderContext): void => { expect(parseNdJson(secondExportResult)).toEqual( expect.arrayContaining([ expect.objectContaining({ - rule_id: firstExportedRule.rule_id, + rule_id: rules[0].rule_id, rule_source: { type: 'external', is_customized: true, }, }), expect.objectContaining({ - rule_id: secondExportedRule.rule_id, + rule_id: rules[1].rule_id, rule_source: { type: 'external', is_customized: false, @@ -181,7 +182,7 @@ export default ({ getService }: FtrProviderContext): void => { ); }); - it('exports a set of custom and prebuilt installed rules via the _export API', async () => { + it('exports a set of custom and prebuilt rules via the _export API', async () => { await Promise.all([ securitySolutionApi .createRule({ body: getCustomQueryRuleParams({ rule_id: 'rule-id-1' }) }) @@ -276,7 +277,74 @@ export default ({ getService }: FtrProviderContext): void => { ); }); - it('exports a set of custom and prebuilt installed rules via the bulk_actions API', async () => { + it('exports all prebuilt rules via _export API', async () => { + const { body } = await securitySolutionApi + .exportRules({ query: {}, body: null }) + .expect(200) + .parse(binaryToString); + + const exportJson = parseNdJson(body); + + expect(exportJson).toEqual( + expect.arrayContaining([ + expect.objectContaining({ + rule_id: ruleAssets[0]['security-rule'].rule_id, + rule_source: { + type: 'external', + is_customized: false, + }, + }), + expect.objectContaining({ + rule_id: ruleAssets[1]['security-rule'].rule_id, + rule_source: { + type: 'external', + is_customized: false, + }, + }), + ]) + ); + + const exportStats = exportJson.at(-1); + + expect(exportStats).toMatchObject({ + exported_rules_count: 2, + missing_rules: [], + }); + }); + + it('exports a set of prebuilt rules via the bulk_actions API', async () => { + const ruleAsset = createRuleAssetSavedObject({ rule_id: 'prebuilt-rule-1', version: 1 }); + + await createPrebuiltRuleAssetSavedObjects(es, [ruleAsset]); + await installPrebuiltRules(es, supertest); + + const findResponse = await securitySolutionApi.findRules({ query: {} }); + const installedRule = findResponse.body.data[0]; + + const { body } = await securitySolutionApi + .performRulesBulkAction({ + query: {}, + body: { action: BulkActionTypeEnum.export, ids: [installedRule.id] }, + }) + .expect(200) + .parse(binaryToString); + + const [ruleJson, exportDetailsJson] = parseNdJson(body); + + expect(ruleJson).toMatchObject({ + id: installedRule.id, + rule_source: { + type: 'external', + is_customized: false, + }, + }); + + expect(exportDetailsJson).toMatchObject({ + missing_rules: [], + }); + }); + + it('exports a set of custom and prebuilt rules via the bulk_actions API', async () => { await Promise.all([ securitySolutionApi .createRule({ body: getCustomQueryRuleParams({ rule_id: 'rule-id-1' }) }) diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/import_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/import_export/import_prebuilt_rules.ts similarity index 88% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/import_rules.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/import_export/import_prebuilt_rules.ts index 898ccc676dc17..a9de62eedd26c 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/import_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/import_export/import_prebuilt_rules.ts @@ -47,7 +47,7 @@ export default ({ getService }: FtrProviderContext): void => { ); const prebuiltRuleIds = [...new Set(prebuiltRules.map((rule) => rule.rule_id))]; - describe('@ess @serverless @skipInServerlessMKI import_rules', () => { + describe('@ess @serverless @skipInServerlessMKI Import prebuilt rules', () => { before(async () => { await deleteAllPrebuiltRuleAssets(es, log); await createHistoricalPrebuiltRuleAssetSavedObjects( @@ -318,6 +318,7 @@ export default ({ getService }: FtrProviderContext): void => { expect.objectContaining({ rule_id: 'rule-1', version: 2, + name: 'Customized prebuilt rule', rule_source: { type: 'external', is_customized: true }, immutable: true, }), @@ -331,6 +332,53 @@ export default ({ getService }: FtrProviderContext): void => { ); }); + it('accepts rules with "immutable: true"', async () => { + const rule = getCustomQueryRuleParams({ + rule_id: 'rule-immutable', + // @ts-expect-error the API supports this param, but we only need it in {@link RuleToImport} + immutable: true, + }); + + const { body } = await importRules([rule]); + + expect(body).toMatchObject({ + success: true, + }); + }); + + it('allows (but ignores) rules with a value for rule_source', async () => { + const rule = getCustomQueryRuleParams({ + rule_id: 'with-rule-source', + // @ts-expect-error the API supports this param, but we only need it in {@link RuleToImport} + rule_source: { + type: 'ignored', + }, + }); + + const { body } = await importRules([rule]); + + expect(body).toMatchObject({ + success: true, + success_count: 1, + }); + + const importedRule = await fetchRule(supertest, { ruleId: 'with-rule-source' }); + + expect(importedRule.rule_source).toMatchObject({ type: 'internal' }); + }); + + it('rejects rules without a rule_id', async () => { + const rule = getCustomQueryRuleParams({}); + delete rule.rule_id; + + const { body } = await importRules([rule]); + + expect(body.errors).toHaveLength(1); + expect(body.errors[0]).toMatchObject({ + error: { message: 'rule_id: Required', status_code: 400 }, + }); + }); + // TODO: Fix the test setup https://github.com/elastic/kibana/pull/206893#discussion_r1966170712 it.skip('imports prebuilt rules when the rules package is not installed', async () => { await deletePrebuiltRulesFleetPackage({ supertest, es, log, retryService }); // First we delete the rule package diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/import_export/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/import_export/index.ts new file mode 100644 index 0000000000000..762350fb52f17 --- /dev/null +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/import_export/index.ts @@ -0,0 +1,13 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { FtrProviderContext } from '../../../../../../ftr_provider_context'; + +export default ({ loadTestFile }: FtrProviderContext): void => { + loadTestFile(require.resolve('./export_prebuilt_rules')); + loadTestFile(require.resolve('./import_prebuilt_rules')); +}; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/index.ts new file mode 100644 index 0000000000000..79f64ffedb214 --- /dev/null +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/index.ts @@ -0,0 +1,18 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { FtrProviderContext } from '../../../../../ftr_provider_context'; + +export default ({ loadTestFile }: FtrProviderContext): void => { + describe('Rules Management - Prebuilt Rules (Customization Enabled)', function () { + loadTestFile(require.resolve('./customization')); + loadTestFile(require.resolve('./import_export')); + loadTestFile(require.resolve('./install_prebuilt_rules')); + loadTestFile(require.resolve('./status')); + loadTestFile(require.resolve('./upgrade_prebuilt_rules')); + }); +}; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/install_prebuilt_rules/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/install_prebuilt_rules/index.ts new file mode 100644 index 0000000000000..9f65c6a218cb5 --- /dev/null +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/install_prebuilt_rules/index.ts @@ -0,0 +1,12 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { FtrProviderContext } from '../../../../../../ftr_provider_context'; + +export default ({ loadTestFile }: FtrProviderContext): void => { + loadTestFile(require.resolve('./install_mocked_prebuilt_rule_assets')); +}; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/install_prebuilt_rules_with_historical_versions.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/install_prebuilt_rules/install_mocked_prebuilt_rule_assets.ts similarity index 50% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/install_prebuilt_rules_with_historical_versions.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/install_prebuilt_rules/install_mocked_prebuilt_rule_assets.ts index 20f27e5a3de11..bf14bd4033b2c 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/install_prebuilt_rules_with_historical_versions.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/install_prebuilt_rules/install_mocked_prebuilt_rule_assets.ts @@ -4,12 +4,14 @@ * 2.0; you may not use this file except in compliance with the Elastic License * 2.0. */ + import expect from 'expect'; import { FtrProviderContext } from '../../../../../../ftr_provider_context'; import { deleteAllTimelines, deleteAllPrebuiltRuleAssets, createRuleAssetSavedObject, + createPrebuiltRuleAssetSavedObjects, installPrebuiltRulesAndTimelines, getPrebuiltRulesAndTimelinesStatus, createHistoricalPrebuiltRuleAssetSavedObjects, @@ -26,41 +28,135 @@ export default ({ getService }: FtrProviderContext): void => { const log = getService('log'); const securitySolutionApi = getService('securitySolutionApi'); - describe('@ess @serverless @skipInServerlessMKI install prebuilt rules from package with historical versions with mock rule assets', () => { - const getRuleAssetSavedObjects = () => [ - createRuleAssetSavedObject({ rule_id: 'rule-1', version: 1 }), - createRuleAssetSavedObject({ rule_id: 'rule-1', version: 2 }), - createRuleAssetSavedObject({ rule_id: 'rule-2', version: 1 }), - createRuleAssetSavedObject({ rule_id: 'rule-2', version: 2 }), - createRuleAssetSavedObject({ rule_id: 'rule-2', version: 3 }), - ]; - const RULES_COUNT = 2; - + describe('@ess @serverless @skipInServerlessMKI Install from mocked prebuilt rule assets', () => { beforeEach(async () => { await deleteAllRules(supertest, log); await deleteAllTimelines(es, log); await deleteAllPrebuiltRuleAssets(es, log); }); - describe('using legacy endpoint', () => { + describe('without historical versions', () => { + const getRuleAssetSavedObjects = () => [ + createRuleAssetSavedObject({ rule_id: 'rule-1', version: 1 }), + createRuleAssetSavedObject({ rule_id: 'rule-2', version: 2 }), + createRuleAssetSavedObject({ rule_id: 'rule-3', version: 3 }), + createRuleAssetSavedObject({ rule_id: 'rule-4', version: 4 }), + ]; + const RULES_COUNT = getRuleAssetSavedObjects().length; + + it('installs prebuilt rules', async () => { + await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); + const body = await installPrebuiltRules(es, supertest); + + expect(body.summary.succeeded).toBe(RULES_COUNT); + expect(body.summary.failed).toBe(0); + expect(body.summary.skipped).toBe(0); + }); + + it('installs correct prebuilt rule versions', async () => { + await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); + const body = await installPrebuiltRules(es, supertest); + + // Check that all prebuilt rules were actually installed and their versions match the latest + expect(body.results.created).toEqual( + expect.arrayContaining([ + expect.objectContaining({ rule_id: 'rule-1', version: 1 }), + expect.objectContaining({ rule_id: 'rule-2', version: 2 }), + expect.objectContaining({ rule_id: 'rule-3', version: 3 }), + expect.objectContaining({ rule_id: 'rule-4', version: 4 }), + ]) + ); + }); + + it('installs missing prebuilt rules', async () => { + // Install all prebuilt detection rules + await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); + await installPrebuiltRules(es, supertest); + + // Delete one of the installed rules + await deleteRule(supertest, 'rule-1'); + + // Check that one prebuilt rule is missing + const statusResponse = await getPrebuiltRulesStatus(es, supertest); + expect(statusResponse.stats.num_prebuilt_rules_to_install).toBe(1); + + // Call the install prebuilt rules again and check that the missing rule was installed + const response = await installPrebuiltRules(es, supertest); + expect(response.summary.succeeded).toBe(1); + }); + + describe('legacy (PUT /api/detection_engine/rules/prepackaged)', () => { + it('installs prebuilt rules', async () => { + await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); + const body = await installPrebuiltRulesAndTimelines(es, supertest); + + expect(body.rules_installed).toBe(RULES_COUNT); + expect(body.rules_updated).toBe(0); + }); + + it('installs correct prebuilt rule versions', async () => { + await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); + await installPrebuiltRulesAndTimelines(es, supertest); + + // Get installed rules + const rulesResponse = await getInstalledRules(supertest); + + // Check that all prebuilt rules were actually installed and their versions match the latest + expect(rulesResponse.total).toBe(RULES_COUNT); + expect(rulesResponse.data).toEqual( + expect.arrayContaining([ + expect.objectContaining({ rule_id: 'rule-1', version: 1 }), + expect.objectContaining({ rule_id: 'rule-2', version: 2 }), + expect.objectContaining({ rule_id: 'rule-3', version: 3 }), + expect.objectContaining({ rule_id: 'rule-4', version: 4 }), + ]) + ); + }); + + it('installs missing prebuilt rules', async () => { + // Install all prebuilt detection rules + await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); + await installPrebuiltRulesAndTimelines(es, supertest); + + // Delete one of the installed rules + await deleteRule(supertest, 'rule-1'); + + // Check that one prebuilt rule is missing + const statusResponse = await getPrebuiltRulesAndTimelinesStatus(es, supertest); + expect(statusResponse.rules_not_installed).toBe(1); + + // Call the install prebuilt rules again and check that the missing rule was installed + const response = await installPrebuiltRulesAndTimelines(es, supertest); + expect(response.rules_installed).toBe(1); + expect(response.rules_updated).toBe(0); + }); + }); + }); + + describe('with historical versions', () => { + const getRuleAssetSavedObjects = () => [ + createRuleAssetSavedObject({ rule_id: 'rule-1', version: 1 }), + createRuleAssetSavedObject({ rule_id: 'rule-1', version: 2 }), + createRuleAssetSavedObject({ rule_id: 'rule-2', version: 1 }), + createRuleAssetSavedObject({ rule_id: 'rule-2', version: 2 }), + createRuleAssetSavedObject({ rule_id: 'rule-2', version: 3 }), + ]; + const RULES_COUNT = 2; + it('should install prebuilt rules', async () => { await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); - const body = await installPrebuiltRulesAndTimelines(es, supertest); + const body = await installPrebuiltRules(es, supertest); - expect(body.rules_installed).toBe(RULES_COUNT); - expect(body.rules_updated).toBe(0); + expect(body.summary.succeeded).toBe(RULES_COUNT); }); it('should install correct prebuilt rule versions', async () => { await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); - await installPrebuiltRulesAndTimelines(es, supertest); - - // Get installed rules - const rulesResponse = await getInstalledRules(supertest); + const response = await installPrebuiltRules(es, supertest); // Check that all prebuilt rules were actually installed and their versions match the latest - expect(rulesResponse.total).toBe(RULES_COUNT); - expect(rulesResponse.data).toEqual( + expect(response.summary.succeeded).toBe(RULES_COUNT); + expect(response.results.created).toEqual( expect.arrayContaining([ expect.objectContaining({ rule_id: 'rule-1', version: 2 }), expect.objectContaining({ rule_id: 'rule-2', version: 3 }), @@ -71,37 +167,37 @@ export default ({ getService }: FtrProviderContext): void => { it('should not install prebuilt rules if they are up to date', async () => { // Install all prebuilt detection rules await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); - await installPrebuiltRulesAndTimelines(es, supertest); + await installPrebuiltRules(es, supertest); // Check that all prebuilt rules were installed - const statusResponse = await getPrebuiltRulesAndTimelinesStatus(es, supertest); - expect(statusResponse.rules_not_installed).toBe(0); + const statusResponse = await getPrebuiltRulesStatus(es, supertest); + expect(statusResponse.stats.num_prebuilt_rules_to_install).toBe(0); // Call the install prebuilt rules again and check that no rules were installed - const response = await installPrebuiltRulesAndTimelines(es, supertest); - expect(response.rules_installed).toBe(0); - expect(response.rules_updated).toBe(0); + const response = await installPrebuiltRules(es, supertest); + expect(response.summary.succeeded).toBe(0); + expect(response.summary.total).toBe(0); }); it('should install missing prebuilt rules', async () => { // Install all prebuilt detection rules await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); - await installPrebuiltRulesAndTimelines(es, supertest); + await installPrebuiltRules(es, supertest); // Delete one of the installed rules await deleteRule(supertest, 'rule-1'); // Check that one prebuilt rule is missing - const statusResponse = await getPrebuiltRulesAndTimelinesStatus(es, supertest); - expect(statusResponse.rules_not_installed).toBe(1); + const statusResponse = await getPrebuiltRulesStatus(es, supertest); + expect(statusResponse.stats.num_prebuilt_rules_to_install).toBe(1); // Call the install prebuilt rules endpoint again and check that the missing rule was installed - const response = await installPrebuiltRulesAndTimelines(es, supertest); - expect(response.rules_installed).toBe(1); - expect(response.rules_updated).toBe(0); + const response = await installPrebuiltRules(es, supertest); + expect(response.summary.succeeded).toBe(1); + expect(response.summary.total).toBe(1); }); - it('should not overwrite existing actions', async () => { + it('should NOT overwrite existing actions', async () => { // Install prebuilt detection rule await createHistoricalPrebuiltRuleAssetSavedObjects(es, [ createRuleAssetSavedObject({ rule_id: 'rule-1', version: 1 }), @@ -156,7 +252,7 @@ export default ({ getService }: FtrProviderContext): void => { ]); }); - it('should not overwrite existing exceptions lists', async () => { + it('should NOT overwrite existing exceptions lists', async () => { // Install prebuilt detection rule await createHistoricalPrebuiltRuleAssetSavedObjects(es, [ createRuleAssetSavedObject({ rule_id: 'rule-1', version: 1 }), @@ -203,61 +299,65 @@ export default ({ getService }: FtrProviderContext): void => { }), ]); }); - }); - describe('using current endpoint', () => { - it('should install prebuilt rules', async () => { - await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); - const body = await installPrebuiltRules(es, supertest); + describe('legacy (PUT /api/detection_engine/rules/prepackaged)', () => { + it('should install prebuilt rules', async () => { + await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); + const body = await installPrebuiltRulesAndTimelines(es, supertest); - expect(body.summary.succeeded).toBe(RULES_COUNT); - }); - - it('should install correct prebuilt rule versions', async () => { - await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); - const response = await installPrebuiltRules(es, supertest); + expect(body.rules_installed).toBe(RULES_COUNT); + expect(body.rules_updated).toBe(0); + }); - // Check that all prebuilt rules were actually installed and their versions match the latest - expect(response.summary.succeeded).toBe(RULES_COUNT); - expect(response.results.created).toEqual( - expect.arrayContaining([ - expect.objectContaining({ rule_id: 'rule-1', version: 2 }), - expect.objectContaining({ rule_id: 'rule-2', version: 3 }), - ]) - ); - }); + it('should install correct prebuilt rule versions', async () => { + await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); + await installPrebuiltRulesAndTimelines(es, supertest); + + // Get installed rules + const rulesResponse = await getInstalledRules(supertest); + + // Check that all prebuilt rules were actually installed and their versions match the latest + expect(rulesResponse.total).toBe(RULES_COUNT); + expect(rulesResponse.data).toEqual( + expect.arrayContaining([ + expect.objectContaining({ rule_id: 'rule-1', version: 2 }), + expect.objectContaining({ rule_id: 'rule-2', version: 3 }), + ]) + ); + }); - it('should not install prebuilt rules if they are up to date', async () => { - // Install all prebuilt detection rules - await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); - await installPrebuiltRules(es, supertest); + it('should not install prebuilt rules if they are up to date', async () => { + // Install all prebuilt detection rules + await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); + await installPrebuiltRulesAndTimelines(es, supertest); - // Check that all prebuilt rules were installed - const statusResponse = await getPrebuiltRulesStatus(es, supertest); - expect(statusResponse.stats.num_prebuilt_rules_to_install).toBe(0); + // Check that all prebuilt rules were installed + const statusResponse = await getPrebuiltRulesAndTimelinesStatus(es, supertest); + expect(statusResponse.rules_not_installed).toBe(0); - // Call the install prebuilt rules again and check that no rules were installed - const response = await installPrebuiltRules(es, supertest); - expect(response.summary.succeeded).toBe(0); - expect(response.summary.total).toBe(0); - }); + // Call the install prebuilt rules again and check that no rules were installed + const response = await installPrebuiltRulesAndTimelines(es, supertest); + expect(response.rules_installed).toBe(0); + expect(response.rules_updated).toBe(0); + }); - it('should install missing prebuilt rules', async () => { - // Install all prebuilt detection rules - await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); - await installPrebuiltRules(es, supertest); + it('should install missing prebuilt rules', async () => { + // Install all prebuilt detection rules + await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); + await installPrebuiltRulesAndTimelines(es, supertest); - // Delete one of the installed rules - await deleteRule(supertest, 'rule-1'); + // Delete one of the installed rules + await deleteRule(supertest, 'rule-1'); - // Check that one prebuilt rule is missing - const statusResponse = await getPrebuiltRulesStatus(es, supertest); - expect(statusResponse.stats.num_prebuilt_rules_to_install).toBe(1); + // Check that one prebuilt rule is missing + const statusResponse = await getPrebuiltRulesAndTimelinesStatus(es, supertest); + expect(statusResponse.rules_not_installed).toBe(1); - // Call the install prebuilt rules endpoint again and check that the missing rule was installed - const response = await installPrebuiltRules(es, supertest); - expect(response.summary.succeeded).toBe(1); - expect(response.summary.total).toBe(1); + // Call the install prebuilt rules endpoint again and check that the missing rule was installed + const response = await installPrebuiltRulesAndTimelines(es, supertest); + expect(response.rules_installed).toBe(1); + expect(response.rules_updated).toBe(0); + }); }); }); }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/bundled_prebuilt_rules_package/trial_license_complete_tier/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/air_gapped/configs/ess_air_gapped.config.ts similarity index 70% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/bundled_prebuilt_rules_package/trial_license_complete_tier/configs/ess.config.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/air_gapped/configs/ess_air_gapped.config.ts index e50aff79a7b48..b8b6d36ec10eb 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/bundled_prebuilt_rules_package/trial_license_complete_tier/configs/ess.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/air_gapped/configs/ess_air_gapped.config.ts @@ -8,23 +8,14 @@ import { FtrConfigProviderContext } from '@kbn/test'; import path from 'path'; -export const BUNDLED_PACKAGE_DIR = path.join( - path.dirname(__filename), - './../fleet_bundled_packages/fixtures' -); +export const BUNDLED_PACKAGE_DIR = path.join(path.dirname(__filename), './../fixtures/packages'); export default async function ({ readConfigFile }: FtrConfigProviderContext) { - const functionalConfig = await readConfigFile( - require.resolve('../../../../../../../config/ess/config.base.trial') - ); + const functionalConfig = await readConfigFile(require.resolve('../../../configs/ess.config')); return { ...functionalConfig.getAll(), testFiles: [require.resolve('..')], - junit: { - reportName: - 'Rules Management - Bundled Prebuilt Rules Integration Tests - ESS Env - Trial License', - }, kbnTestServer: { ...functionalConfig.get('kbnTestServer'), serverArgs: [ @@ -33,7 +24,7 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { * To do that, we point the Fleet url to an invalid URL, and instruct Fleet to fetch bundled packages at the * location defined in BUNDLED_PACKAGE_DIR. */ - `--xpack.fleet.registryUrl=http://invalidURL:8080`, + `--xpack.fleet.isAirGapped=true`, `--xpack.fleet.developer.bundledPackageLocation=${BUNDLED_PACKAGE_DIR}`, ], }, diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/large_prebuilt_rules_package/trial_license_complete_tier/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/air_gapped/configs/ess_air_gapped_large_package.config.ts similarity index 66% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/large_prebuilt_rules_package/trial_license_complete_tier/configs/ess.config.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/air_gapped/configs/ess_air_gapped_large_package.config.ts index d4ef8795c8894..0e30ec5175923 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/large_prebuilt_rules_package/trial_license_complete_tier/configs/ess.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/air_gapped/configs/ess_air_gapped_large_package.config.ts @@ -10,21 +10,15 @@ import path from 'path'; export const BUNDLED_PACKAGE_DIR = path.join( path.dirname(__filename), - './../fleet_bundled_packages/fixtures' + './../fixtures/packages/large' ); export default async function ({ readConfigFile }: FtrConfigProviderContext) { - const functionalConfig = await readConfigFile( - require.resolve('../../../../../../../config/ess/config.base.trial') - ); + const functionalConfig = await readConfigFile(require.resolve('../../../configs/ess.config')); return { ...functionalConfig.getAll(), - testFiles: [require.resolve('..')], - junit: { - reportName: - 'Rules Management - Large Prebuilt Rules Package Integration Tests - ESS Env - Trial License', - }, + testFiles: [require.resolve('../install_large_bundled_package')], kbnTestServer: { ...functionalConfig.get('kbnTestServer'), serverArgs: [ @@ -35,15 +29,9 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { * Since we want to test the installation of a large package, we created a specific package `security_detection_engine-100.0.0` * which contains 15000 rules assets and 750 unique rules, and attempt to install it. */ - `--xpack.fleet.registryUrl=http://invalidURL:8080`, + `--xpack.fleet.isAirGapped=true`, `--xpack.fleet.developer.bundledPackageLocation=${BUNDLED_PACKAGE_DIR}`, ], - env: { - /* Limit the heap memory to the lowest amount with which Kibana doesn't crash with an out of memory error - * when installing the large package. - */ - NODE_OPTIONS: '--max-old-space-size=800', - }, }, }; } diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/large_prebuilt_rules_package/trial_license_complete_tier/fleet_bundled_packages/fixtures/security_detection_engine-100.0.0.zip b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/air_gapped/fixtures/packages/large/security_detection_engine-100.0.0.zip similarity index 100% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/large_prebuilt_rules_package/trial_license_complete_tier/fleet_bundled_packages/fixtures/security_detection_engine-100.0.0.zip rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/air_gapped/fixtures/packages/large/security_detection_engine-100.0.0.zip diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/bundled_prebuilt_rules_package/trial_license_complete_tier/fleet_bundled_packages/fixtures/security_detection_engine-99.0.0.zip b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/air_gapped/fixtures/packages/security_detection_engine-99.0.0.zip similarity index 100% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/bundled_prebuilt_rules_package/trial_license_complete_tier/fleet_bundled_packages/fixtures/security_detection_engine-99.0.0.zip rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/air_gapped/fixtures/packages/security_detection_engine-99.0.0.zip diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/bundled_prebuilt_rules_package/trial_license_complete_tier/fleet_bundled_packages/fixtures/security_detection_engine-99.0.1-beta.1.zip b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/air_gapped/fixtures/packages/security_detection_engine-99.0.1-beta.1.zip similarity index 100% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/bundled_prebuilt_rules_package/trial_license_complete_tier/fleet_bundled_packages/fixtures/security_detection_engine-99.0.1-beta.1.zip rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/air_gapped/fixtures/packages/security_detection_engine-99.0.1-beta.1.zip diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/air_gapped/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/air_gapped/index.ts new file mode 100644 index 0000000000000..888e27843cc19 --- /dev/null +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/air_gapped/index.ts @@ -0,0 +1,15 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { FtrProviderContext } from '../../../../../../../ftr_provider_context'; + +export default ({ loadTestFile }: FtrProviderContext): void => { + describe('Air-gapped environment with pre-bundled packages', () => { + loadTestFile(require.resolve('./install_bundled_package')); + loadTestFile(require.resolve('./prerelease_packages')); + }); +}; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/bundled_prebuilt_rules_package/trial_license_complete_tier/install_latest_bundled_prebuilt_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/air_gapped/install_bundled_package.ts similarity index 92% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/bundled_prebuilt_rules_package/trial_license_complete_tier/install_latest_bundled_prebuilt_rules.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/air_gapped/install_bundled_package.ts index 52386aaa6d016..b829a4e4a1501 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/bundled_prebuilt_rules_package/trial_license_complete_tier/install_latest_bundled_prebuilt_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/air_gapped/install_bundled_package.ts @@ -4,6 +4,7 @@ * 2.0; you may not use this file except in compliance with the Elastic License * 2.0. */ + import fs from 'fs/promises'; import path from 'path'; import { REPO_ROOT } from '@kbn/repo-info'; @@ -11,13 +12,14 @@ import JSON5 from 'json5'; import expect from 'expect'; import { PackageSpecManifest } from '@kbn/fleet-plugin/common'; import { ALL_SAVED_OBJECT_INDICES } from '@kbn/core-saved-objects-server'; -import { FtrProviderContext } from '../../../../../../ftr_provider_context'; +import { FtrProviderContext } from '../../../../../../../ftr_provider_context'; import { deleteAllPrebuiltRuleAssets, getPrebuiltRulesStatus, installPrebuiltRulesPackageByVersion, -} from '../../../../utils'; -import { deleteAllRules } from '../../../../../../../common/utils/security_solution'; +} from '../../../../../utils'; +import { deleteAllRules } from '../../../../../../../../common/utils/security_solution'; + export default ({ getService }: FtrProviderContext): void => { const es = getService('es'); const supertest = getService('supertest'); @@ -31,7 +33,7 @@ export default ({ getService }: FtrProviderContext): void => { /* from a package that was bundled with Kibana */ // // FLAKY: https://github.com/elastic/kibana/issues/180087 - describe.skip('@ess @serverless @skipInServerlessMKI install_bundled_prebuilt_rules', () => { + describe.skip('@ess @serverless @skipInServerlessMKI Install bundled package', () => { beforeEach(async () => { await deleteAllRules(supertest, log); await deleteAllPrebuiltRuleAssets(es, log); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/large_prebuilt_rules_package/trial_license_complete_tier/install_large_prebuilt_rules_package.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/air_gapped/install_large_bundled_package.ts similarity index 86% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/large_prebuilt_rules_package/trial_license_complete_tier/install_large_prebuilt_rules_package.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/air_gapped/install_large_bundled_package.ts index 29ca3eea30239..1184181056127 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/large_prebuilt_rules_package/trial_license_complete_tier/install_large_prebuilt_rules_package.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/air_gapped/install_large_bundled_package.ts @@ -5,20 +5,20 @@ * 2.0. */ import expect from 'expect'; -import { FtrProviderContext } from '../../../../../../ftr_provider_context'; +import { FtrProviderContext } from '../../../../../../../ftr_provider_context'; import { deleteAllPrebuiltRuleAssets, getPrebuiltRulesAndTimelinesStatus, installPrebuiltRulesAndTimelines, -} from '../../../../utils'; -import { deleteAllRules } from '../../../../../../../common/utils/security_solution'; +} from '../../../../../utils'; +import { deleteAllRules } from '../../../../../../../../common/utils/security_solution'; export default ({ getService }: FtrProviderContext): void => { const es = getService('es'); const supertest = getService('supertest'); const log = getService('log'); - describe('@ess @serverless @skipInServerlessMKI install_large_prebuilt_rules_package', () => { + describe('@ess @serverless @skipInServerlessMKI Install large bundled package', () => { beforeEach(async () => { await deleteAllRules(supertest, log); await deleteAllPrebuiltRuleAssets(es, log); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/bundled_prebuilt_rules_package/trial_license_complete_tier/prerelease_packages.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/air_gapped/prerelease_packages.ts similarity index 92% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/bundled_prebuilt_rules_package/trial_license_complete_tier/prerelease_packages.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/air_gapped/prerelease_packages.ts index 9f7809b16b98d..f7116cc9fae32 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/bundled_prebuilt_rules_package/trial_license_complete_tier/prerelease_packages.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/air_gapped/prerelease_packages.ts @@ -4,9 +4,9 @@ * 2.0; you may not use this file except in compliance with the Elastic License * 2.0. */ -import expect from 'expect'; -import { FtrProviderContext } from '../../../../../../ftr_provider_context'; +import expect from 'expect'; +import { FtrProviderContext } from '../../../../../../../ftr_provider_context'; import { deleteAllPrebuiltRuleAssets, deletePrebuiltRulesFleetPackage, @@ -15,8 +15,8 @@ import { getPrebuiltRulesStatus, installPrebuiltRules, installPrebuiltRulesPackageViaFleetAPI, -} from '../../../../utils'; -import { deleteAllRules } from '../../../../../../../common/utils/security_solution'; +} from '../../../../../utils'; +import { deleteAllRules } from '../../../../../../../../common/utils/security_solution'; export default ({ getService }: FtrProviderContext): void => { const es = getService('es'); @@ -31,14 +31,14 @@ export default ({ getService }: FtrProviderContext): void => { /* (We use high mock version numbers to prevent clashes with real packages downloaded in other tests.) /* To do assertions on which packages have been installed, 99.0.0 has a single rule to install, /* while 99.0.1-beta.1 has 2 rules to install. Also, both packages have the version as part of the rule names. */ - describe('@ess @serverless @skipInServerlessMKI prerelease_packages', () => { + describe('@ess @serverless @skipInServerlessMKI Prerelease packages', () => { beforeEach(async () => { await deleteAllRules(supertest, log); await deleteAllPrebuiltRuleAssets(es, log); await deletePrebuiltRulesFleetPackage({ supertest, es, log, retryService }); }); - it('should install latest stable version and ignore prerelease packages', async () => { + it('installs the latest stable version ignoring prerelease packages', async () => { // Verify that status is empty before package installation const statusBeforePackageInstallation = await getPrebuiltRulesStatus(es, supertest); expect(statusBeforePackageInstallation.stats.num_prebuilt_rules_installed).toBe(0); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/bootstrap_prebuilt_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/bootstrap_prebuilt_rules.ts similarity index 100% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/bootstrap_prebuilt_rules.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/bootstrap_prebuilt_rules.ts diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/bundled_prebuilt_rules_package/trial_license_complete_tier/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/index.ts similarity index 63% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/bundled_prebuilt_rules_package/trial_license_complete_tier/index.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/index.ts index faeda80e35f77..22f521dedfe31 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/bundled_prebuilt_rules_package/trial_license_complete_tier/index.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/index.ts @@ -8,8 +8,9 @@ import { FtrProviderContext } from '../../../../../../ftr_provider_context'; export default ({ loadTestFile }: FtrProviderContext): void => { - describe('Rules Management - Prebuilt Rules - Bundled Prebuilt Rules Package', function () { - loadTestFile(require.resolve('./install_latest_bundled_prebuilt_rules')); - loadTestFile(require.resolve('./prerelease_packages')); + describe('Prebuilt rules package', function () { + loadTestFile(require.resolve('./bootstrap_prebuilt_rules')); + loadTestFile(require.resolve('./install_package_from_epr')); + loadTestFile(require.resolve('./update_package')); }); }; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/fleet_integration.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/install_package_from_epr.ts similarity index 97% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/fleet_integration.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/install_package_from_epr.ts index 291ed2d7ea51a..839ff86695a89 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/fleet_integration.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/install_package_from_epr.ts @@ -22,7 +22,7 @@ export default ({ getService }: FtrProviderContext): void => { const log = getService('log'); const retryService = getService('retry'); - describe('@ess @serverless @skipInServerlessMKI install_prebuilt_rules_from_real_package', () => { + describe('@ess @serverless @skipInServerlessMKI Install prebuilt rules from EPR', () => { beforeEach(async () => { await deletePrebuiltRulesFleetPackage({ supertest, es, log, retryService }); await deleteAllRules(supertest, log); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/update_prebuilt_rules_package/trial_license_complete_tier/update_prebuilt_rules_package.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/update_package.ts similarity index 99% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/update_prebuilt_rules_package/trial_license_complete_tier/update_prebuilt_rules_package.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/update_package.ts index d0c2e673924e2..2f4be45735ac6 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/update_prebuilt_rules_package/trial_license_complete_tier/update_prebuilt_rules_package.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/prebuilt_rules_package/update_package.ts @@ -61,7 +61,7 @@ export default ({ getService }: FtrProviderContext): void => { return getPackageResponse.body.item.version ?? ''; }; - describe('@ess @serverless @skipInServerlessMKI update_prebuilt_rules_package', () => { + describe('@ess @serverless @skipInServerlessMKI Update package', () => { before(async () => { const configFilePath = path.resolve(REPO_ROOT, 'fleet_packages.json'); const fleetPackages = await fs.readFile(configFilePath, 'utf8'); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/get_prebuilt_rules_status.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/status/get_prebuilt_rules_status.ts similarity index 100% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/get_prebuilt_rules_status.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/status/get_prebuilt_rules_status.ts diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/status/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/status/index.ts new file mode 100644 index 0000000000000..3421e5cdaef5d --- /dev/null +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/status/index.ts @@ -0,0 +1,13 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { FtrProviderContext } from '../../../../../../ftr_provider_context'; + +export default ({ loadTestFile }: FtrProviderContext): void => { + loadTestFile(require.resolve('./get_prebuilt_rules_status')); + loadTestFile(require.resolve('./legacy/get_prebuilt_timelines_status')); +}; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/get_prebuilt_timelines_status.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/status/legacy/get_prebuilt_timelines_status.ts similarity index 93% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/get_prebuilt_timelines_status.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/status/legacy/get_prebuilt_timelines_status.ts index d7f368d7f69a9..faad7a173ffb7 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/get_prebuilt_timelines_status.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/status/legacy/get_prebuilt_timelines_status.ts @@ -6,12 +6,12 @@ */ import expect from 'expect'; -import { FtrProviderContext } from '../../../../../../ftr_provider_context'; +import { FtrProviderContext } from '../../../../../../../ftr_provider_context'; import { deleteAllTimelines, getPrebuiltRulesAndTimelinesStatus, installPrebuiltRulesAndTimelines, -} from '../../../../utils'; +} from '../../../../../utils'; export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/upgrade_prebuilt_rules/bulk_upgrade_all_prebuilt_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/bulk_upgrade_all_prebuilt_rules.ts similarity index 94% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/upgrade_prebuilt_rules/bulk_upgrade_all_prebuilt_rules.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/bulk_upgrade_all_prebuilt_rules.ts index 7f03101502f61..e37b09e9f2fb5 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/upgrade_prebuilt_rules/bulk_upgrade_all_prebuilt_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/bulk_upgrade_all_prebuilt_rules.ts @@ -7,11 +7,12 @@ import expect from 'expect'; import { ModeEnum } from '@kbn/security-solution-plugin/common/api/detection_engine'; -import { setUpRuleUpgrade } from '../../../../../utils/rules/prebuilt_rules/set_up_rule_upgrade'; -import { FtrProviderContext } from '../../../../../../../ftr_provider_context'; -import { performUpgradePrebuiltRules } from '../../../../../utils'; +import { deleteAllRules } from '../../../../../../../common/utils/security_solution'; +import { setUpRuleUpgrade } from '../../../../utils/rules/prebuilt_rules/set_up_rule_upgrade'; +import { FtrProviderContext } from '../../../../../../ftr_provider_context'; +import { deleteAllPrebuiltRuleAssets, performUpgradePrebuiltRules } from '../../../../utils'; -export function bulkUpgradeAllPrebuiltRules({ getService }: FtrProviderContext): void { +export default ({ getService }: FtrProviderContext): void => { const es = getService('es'); const supertest = getService('supertest'); const log = getService('log'); @@ -21,7 +22,12 @@ export function bulkUpgradeAllPrebuiltRules({ getService }: FtrProviderContext): log, }; - describe('all rules', () => { + describe('@ess @serverless @skipInServerlessMKI Bulk upgrade all prebuilt rules', () => { + beforeEach(async () => { + await deleteAllRules(supertest, log); + await deleteAllPrebuiltRuleAssets(es, log); + }); + describe('with historical versions', () => { const TEST_DATA = [ { pickVersion: 'BASE', expectedTags: ['tagA'] }, @@ -365,4 +371,4 @@ export function bulkUpgradeAllPrebuiltRules({ getService }: FtrProviderContext): } }); }); -} +}; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/upgrade_prebuilt_rules/bulk_upgrade_selected_prebuilt_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/bulk_upgrade_selected_prebuilt_rules.ts similarity index 95% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/upgrade_prebuilt_rules/bulk_upgrade_selected_prebuilt_rules.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/bulk_upgrade_selected_prebuilt_rules.ts index fc2f083a180ef..003d188e94391 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/upgrade_prebuilt_rules/bulk_upgrade_selected_prebuilt_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/bulk_upgrade_selected_prebuilt_rules.ts @@ -7,11 +7,12 @@ import expect from 'expect'; import { ModeEnum } from '@kbn/security-solution-plugin/common/api/detection_engine'; -import { setUpRuleUpgrade } from '../../../../../utils/rules/prebuilt_rules/set_up_rule_upgrade'; -import { FtrProviderContext } from '../../../../../../../ftr_provider_context'; -import { performUpgradePrebuiltRules } from '../../../../../utils'; +import { deleteAllRules } from '../../../../../../../common/utils/security_solution'; +import { setUpRuleUpgrade } from '../../../../utils/rules/prebuilt_rules/set_up_rule_upgrade'; +import { FtrProviderContext } from '../../../../../../ftr_provider_context'; +import { deleteAllPrebuiltRuleAssets, performUpgradePrebuiltRules } from '../../../../utils'; -export function bulkUpgradeSelectedPrebuiltRules({ getService }: FtrProviderContext): void { +export default ({ getService }: FtrProviderContext): void => { const es = getService('es'); const supertest = getService('supertest'); const log = getService('log'); @@ -21,7 +22,12 @@ export function bulkUpgradeSelectedPrebuiltRules({ getService }: FtrProviderCont log, }; - describe('selected rules', () => { + describe('@ess @serverless @skipInServerlessMKI Bulk upgrade selected prebuilt rules', () => { + beforeEach(async () => { + await deleteAllRules(supertest, log); + await deleteAllPrebuiltRuleAssets(es, log); + }); + describe('with historical versions', () => { describe('without customizations', () => { beforeEach(async () => { @@ -500,4 +506,4 @@ export function bulkUpgradeSelectedPrebuiltRules({ getService }: FtrProviderCont } }); }); -} +}; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/alert_suppression.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/alert_suppression.ts similarity index 94% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/alert_suppression.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/alert_suppression.ts index 9b6fad04aeb71..f30086e032a4e 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/alert_suppression.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/alert_suppression.ts @@ -16,7 +16,7 @@ import { export function alertSuppressionField({ getService }: FtrProviderContext): void { describe('"alert_suppression"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -49,7 +49,7 @@ export function alertSuppressionField({ getService }: FtrProviderContext): void ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -97,7 +97,7 @@ export function alertSuppressionField({ getService }: FtrProviderContext): void ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -147,7 +147,7 @@ export function alertSuppressionField({ getService }: FtrProviderContext): void ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -197,7 +197,7 @@ export function alertSuppressionField({ getService }: FtrProviderContext): void ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -240,7 +240,7 @@ export function alertSuppressionField({ getService }: FtrProviderContext): void }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -276,7 +276,7 @@ export function alertSuppressionField({ getService }: FtrProviderContext): void ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/building_block.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/building_block.ts similarity index 94% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/building_block.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/building_block.ts index a86153371dc28..3fe12ae8faebc 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/building_block.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/building_block.ts @@ -16,7 +16,7 @@ import { export function buildingBlockField({ getService }: FtrProviderContext): void { describe('"building_block"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -49,7 +49,7 @@ export function buildingBlockField({ getService }: FtrProviderContext): void { ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -97,7 +97,7 @@ export function buildingBlockField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -147,7 +147,7 @@ export function buildingBlockField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -197,7 +197,7 @@ export function buildingBlockField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -240,7 +240,7 @@ export function buildingBlockField({ getService }: FtrProviderContext): void { }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -276,7 +276,7 @@ export function buildingBlockField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/configs/ess.config.ts similarity index 84% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/configs/ess.config.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/configs/ess.config.ts index 3ebc09e11f2fb..5ff527858c70a 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/configs/ess.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/configs/ess.config.ts @@ -9,7 +9,7 @@ import { FtrConfigProviderContext } from '@kbn/test'; export default async function ({ readConfigFile }: FtrConfigProviderContext) { const functionalConfig = await readConfigFile( - require.resolve('../../../../../../../../../config/ess/config.base.trial') + require.resolve('../../../../../../../../../config/ess/config.base.trial.ts') ); const testConfig = { @@ -17,7 +17,7 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { testFiles: [require.resolve('..')], junit: { reportName: - 'Rules Management - Prebuilt Rule Customization Enabled Per Field Integration Tests - ESS Env', + 'Rules Management - Prebuilt Rule (Customization Enabled) Per Field Integration Tests - ESS Env', }, }; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/configs/serverless.config.ts similarity index 80% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/configs/serverless.config.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/configs/serverless.config.ts index 691330c33c12a..67a22e55ca110 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/configs/serverless.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/configs/serverless.config.ts @@ -11,6 +11,6 @@ export default createTestConfig({ testFiles: [require.resolve('..')], junit: { reportName: - 'Rules Management - Prebuilt Rule Customization Enabled Per Field Integration Tests - Serverless Env', + 'Rules Management - Prebuilt Rule (Customization Enabled) Per Field Integration Tests - Serverless Env', }, }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/data_source.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/data_source.ts similarity index 94% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/data_source.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/data_source.ts index e2890febe732a..6c88e67a82435 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/data_source.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/data_source.ts @@ -19,7 +19,7 @@ import { export function dataSourceField({ getService }: FtrProviderContext): void { describe('"data_source" with index patterns', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -55,7 +55,7 @@ export function dataSourceField({ getService }: FtrProviderContext): void { ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -106,7 +106,7 @@ export function dataSourceField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -160,7 +160,7 @@ export function dataSourceField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -213,7 +213,7 @@ export function dataSourceField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -265,7 +265,7 @@ export function dataSourceField({ getService }: FtrProviderContext): void { }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -304,7 +304,7 @@ export function dataSourceField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -357,7 +357,7 @@ export function dataSourceField({ getService }: FtrProviderContext): void { }); describe('"data_source" with data view', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -393,7 +393,7 @@ export function dataSourceField({ getService }: FtrProviderContext): void { ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -444,7 +444,7 @@ export function dataSourceField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -498,7 +498,7 @@ export function dataSourceField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -551,7 +551,7 @@ export function dataSourceField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -597,7 +597,7 @@ export function dataSourceField({ getService }: FtrProviderContext): void { }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -636,7 +636,7 @@ export function dataSourceField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/description.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/description.ts similarity index 95% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/description.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/description.ts index 3f06b6e6e8bbd..fdf03ad7c2336 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/description.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/description.ts @@ -16,7 +16,7 @@ import { export function descriptionField({ getService }: FtrProviderContext): void { describe('"description"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -49,7 +49,7 @@ export function descriptionField({ getService }: FtrProviderContext): void { ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -99,7 +99,7 @@ export function descriptionField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -155,7 +155,7 @@ export function descriptionField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -205,7 +205,7 @@ export function descriptionField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -251,7 +251,7 @@ export function descriptionField({ getService }: FtrProviderContext): void { }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -287,7 +287,7 @@ export function descriptionField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/false_positives.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/false_positives.ts similarity index 94% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/false_positives.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/false_positives.ts index 74ff45fae6b3e..50a7315628444 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/false_positives.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/false_positives.ts @@ -16,7 +16,7 @@ import { export function falsePositivesField({ getService }: FtrProviderContext): void { describe('"false_positives"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -49,7 +49,7 @@ export function falsePositivesField({ getService }: FtrProviderContext): void { ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -97,7 +97,7 @@ export function falsePositivesField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -147,7 +147,7 @@ export function falsePositivesField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -197,7 +197,7 @@ export function falsePositivesField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -240,7 +240,7 @@ export function falsePositivesField({ getService }: FtrProviderContext): void { }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -276,7 +276,7 @@ export function falsePositivesField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/index.ts similarity index 100% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/index.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/index.ts diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/investigation_fields.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/investigation_fields.ts similarity index 94% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/investigation_fields.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/investigation_fields.ts index afed997049eb6..ff911c3320788 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/investigation_fields.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/investigation_fields.ts @@ -16,7 +16,7 @@ import { export function investigationFieldsField({ getService }: FtrProviderContext): void { describe('"investigation_fields"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -49,7 +49,7 @@ export function investigationFieldsField({ getService }: FtrProviderContext): vo ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -97,7 +97,7 @@ export function investigationFieldsField({ getService }: FtrProviderContext): vo ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -147,7 +147,7 @@ export function investigationFieldsField({ getService }: FtrProviderContext): vo ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -197,7 +197,7 @@ export function investigationFieldsField({ getService }: FtrProviderContext): vo ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -240,7 +240,7 @@ export function investigationFieldsField({ getService }: FtrProviderContext): vo }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -276,7 +276,7 @@ export function investigationFieldsField({ getService }: FtrProviderContext): vo ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/max_signals.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/max_signals.ts similarity index 93% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/max_signals.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/max_signals.ts index 122b00022b47e..4cab3c9d483d2 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/max_signals.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/max_signals.ts @@ -16,7 +16,7 @@ import { export function maxSignalsField({ getService }: FtrProviderContext): void { describe('"max_signals"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -49,7 +49,7 @@ export function maxSignalsField({ getService }: FtrProviderContext): void { ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -97,7 +97,7 @@ export function maxSignalsField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -147,7 +147,7 @@ export function maxSignalsField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -197,7 +197,7 @@ export function maxSignalsField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -240,7 +240,7 @@ export function maxSignalsField({ getService }: FtrProviderContext): void { }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -276,7 +276,7 @@ export function maxSignalsField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/name.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/name.ts similarity index 93% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/name.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/name.ts index 1030d8f774784..69b10fb5bc2e2 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/name.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/name.ts @@ -16,7 +16,7 @@ import { export function nameField({ getService }: FtrProviderContext): void { describe('"name"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -49,7 +49,7 @@ export function nameField({ getService }: FtrProviderContext): void { ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -97,7 +97,7 @@ export function nameField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -147,7 +147,7 @@ export function nameField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -197,7 +197,7 @@ export function nameField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -240,7 +240,7 @@ export function nameField({ getService }: FtrProviderContext): void { }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -276,7 +276,7 @@ export function nameField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/note.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/note.ts similarity index 94% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/note.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/note.ts index 5b7f1df6834b0..80be32c0d9813 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/note.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/note.ts @@ -16,7 +16,7 @@ import { export function noteField({ getService }: FtrProviderContext): void { describe('"note"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -49,7 +49,7 @@ export function noteField({ getService }: FtrProviderContext): void { ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -97,7 +97,7 @@ export function noteField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -147,7 +147,7 @@ export function noteField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -197,7 +197,7 @@ export function noteField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -240,7 +240,7 @@ export function noteField({ getService }: FtrProviderContext): void { }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -276,7 +276,7 @@ export function noteField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/references.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/references.ts similarity index 94% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/references.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/references.ts index 532c49e6e5710..90aeebac6cc2a 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/references.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/references.ts @@ -16,7 +16,7 @@ import { export function referencesField({ getService }: FtrProviderContext): void { describe('"references"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -49,7 +49,7 @@ export function referencesField({ getService }: FtrProviderContext): void { ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -97,7 +97,7 @@ export function referencesField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -147,7 +147,7 @@ export function referencesField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -197,7 +197,7 @@ export function referencesField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -240,7 +240,7 @@ export function referencesField({ getService }: FtrProviderContext): void { }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -276,7 +276,7 @@ export function referencesField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/related_integrations.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/related_integrations.ts similarity index 96% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/related_integrations.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/related_integrations.ts index bdc4f0081c31e..476932d628302 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/related_integrations.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/related_integrations.ts @@ -16,7 +16,7 @@ import { export function relatedIntegrationsField({ getService }: FtrProviderContext): void { describe('"related_integrations"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -71,7 +71,7 @@ export function relatedIntegrationsField({ getService }: FtrProviderContext): vo ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -184,7 +184,7 @@ export function relatedIntegrationsField({ getService }: FtrProviderContext): vo ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -288,7 +288,7 @@ export function relatedIntegrationsField({ getService }: FtrProviderContext): vo ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -392,7 +392,7 @@ export function relatedIntegrationsField({ getService }: FtrProviderContext): vo ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -490,7 +490,7 @@ export function relatedIntegrationsField({ getService }: FtrProviderContext): vo }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -553,7 +553,7 @@ export function relatedIntegrationsField({ getService }: FtrProviderContext): vo ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/required_fields.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/required_fields.ts similarity index 96% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/required_fields.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/required_fields.ts index 5dbd464bc2435..15ed2144493d4 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/required_fields.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/required_fields.ts @@ -16,7 +16,7 @@ import { export function requiredFieldsField({ getService }: FtrProviderContext): void { describe('"required_fields"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -73,7 +73,7 @@ export function requiredFieldsField({ getService }: FtrProviderContext): void { ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -177,7 +177,7 @@ export function requiredFieldsField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -289,7 +289,7 @@ export function requiredFieldsField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -401,7 +401,7 @@ export function requiredFieldsField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -498,7 +498,7 @@ export function requiredFieldsField({ getService }: FtrProviderContext): void { }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -564,7 +564,7 @@ export function requiredFieldsField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/risk_score.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/risk_score.ts similarity index 93% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/risk_score.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/risk_score.ts index e83d9d3a82876..049e23a14f4da 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/risk_score.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/risk_score.ts @@ -16,7 +16,7 @@ import { export function riskScoreField({ getService }: FtrProviderContext): void { describe('"risk_score"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -49,7 +49,7 @@ export function riskScoreField({ getService }: FtrProviderContext): void { ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -97,7 +97,7 @@ export function riskScoreField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -147,7 +147,7 @@ export function riskScoreField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -197,7 +197,7 @@ export function riskScoreField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -240,7 +240,7 @@ export function riskScoreField({ getService }: FtrProviderContext): void { }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -276,7 +276,7 @@ export function riskScoreField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/risk_score_mapping.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/risk_score_mapping.ts similarity index 97% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/risk_score_mapping.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/risk_score_mapping.ts index 77f68493254fe..765a4a4b8aba4 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/risk_score_mapping.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/risk_score_mapping.ts @@ -16,7 +16,7 @@ import { export function riskScoreMappingField({ getService }: FtrProviderContext): void { describe('"risk_score_mapping"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -79,7 +79,7 @@ export function riskScoreMappingField({ getService }: FtrProviderContext): void ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -194,7 +194,7 @@ export function riskScoreMappingField({ getService }: FtrProviderContext): void ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -318,7 +318,7 @@ export function riskScoreMappingField({ getService }: FtrProviderContext): void ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -442,7 +442,7 @@ export function riskScoreMappingField({ getService }: FtrProviderContext): void ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -550,7 +550,7 @@ export function riskScoreMappingField({ getService }: FtrProviderContext): void }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -623,7 +623,7 @@ export function riskScoreMappingField({ getService }: FtrProviderContext): void ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/rule_name_override.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/rule_name_override.ts similarity index 94% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/rule_name_override.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/rule_name_override.ts index afe5b1cac6821..c38ea0e707baa 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/rule_name_override.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/rule_name_override.ts @@ -16,7 +16,7 @@ import { export function ruleNameOverrideField({ getService }: FtrProviderContext): void { describe('"rule_name_override"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -49,7 +49,7 @@ export function ruleNameOverrideField({ getService }: FtrProviderContext): void ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -97,7 +97,7 @@ export function ruleNameOverrideField({ getService }: FtrProviderContext): void ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -147,7 +147,7 @@ export function ruleNameOverrideField({ getService }: FtrProviderContext): void ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -197,7 +197,7 @@ export function ruleNameOverrideField({ getService }: FtrProviderContext): void ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -240,7 +240,7 @@ export function ruleNameOverrideField({ getService }: FtrProviderContext): void }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -276,7 +276,7 @@ export function ruleNameOverrideField({ getService }: FtrProviderContext): void ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/rule_schedule.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/rule_schedule.ts similarity index 95% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/rule_schedule.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/rule_schedule.ts index 3efb3057920ab..5dd985f017949 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/rule_schedule.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/rule_schedule.ts @@ -16,7 +16,7 @@ import { export function ruleScheduleField({ getService }: FtrProviderContext): void { describe('"rule_schedule"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -57,7 +57,7 @@ export function ruleScheduleField({ getService }: FtrProviderContext): void { ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -129,7 +129,7 @@ export function ruleScheduleField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -204,7 +204,7 @@ export function ruleScheduleField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -278,7 +278,7 @@ export function ruleScheduleField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -345,7 +345,7 @@ export function ruleScheduleField({ getService }: FtrProviderContext): void { }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -389,7 +389,7 @@ export function ruleScheduleField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/setup.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/setup.ts similarity index 94% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/setup.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/setup.ts index 78c954fcc20f2..b7009390839d5 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/setup.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/setup.ts @@ -16,7 +16,7 @@ import { export function setupField({ getService }: FtrProviderContext): void { describe('"setup"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -49,7 +49,7 @@ export function setupField({ getService }: FtrProviderContext): void { ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -97,7 +97,7 @@ export function setupField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -147,7 +147,7 @@ export function setupField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -197,7 +197,7 @@ export function setupField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -240,7 +240,7 @@ export function setupField({ getService }: FtrProviderContext): void { }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -276,7 +276,7 @@ export function setupField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/severity.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/severity.ts similarity index 93% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/severity.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/severity.ts index 57183c1f76870..f6491e84e30fb 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/severity.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/severity.ts @@ -16,7 +16,7 @@ import { export function severityField({ getService }: FtrProviderContext): void { describe('"severity"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -49,7 +49,7 @@ export function severityField({ getService }: FtrProviderContext): void { ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -97,7 +97,7 @@ export function severityField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -147,7 +147,7 @@ export function severityField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -197,7 +197,7 @@ export function severityField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -240,7 +240,7 @@ export function severityField({ getService }: FtrProviderContext): void { }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -276,7 +276,7 @@ export function severityField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/severity_mapping.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/severity_mapping.ts similarity index 97% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/severity_mapping.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/severity_mapping.ts index 6cd09f94d9650..1477ff7b232c9 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/severity_mapping.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/severity_mapping.ts @@ -16,7 +16,7 @@ import { export function severityMappingField({ getService }: FtrProviderContext): void { describe('"severity_mapping"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -79,7 +79,7 @@ export function severityMappingField({ getService }: FtrProviderContext): void { ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -194,7 +194,7 @@ export function severityMappingField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -318,7 +318,7 @@ export function severityMappingField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -442,7 +442,7 @@ export function severityMappingField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -550,7 +550,7 @@ export function severityMappingField({ getService }: FtrProviderContext): void { }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -623,7 +623,7 @@ export function severityMappingField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/tags.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/tags.ts similarity index 93% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/tags.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/tags.ts index 1f67e55692fa1..446f2308b9f1a 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/tags.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/tags.ts @@ -16,7 +16,7 @@ import { export function tagsField({ getService }: FtrProviderContext): void { describe('"tags"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -49,7 +49,7 @@ export function tagsField({ getService }: FtrProviderContext): void { ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -97,7 +97,7 @@ export function tagsField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -147,7 +147,7 @@ export function tagsField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -197,7 +197,7 @@ export function tagsField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -240,7 +240,7 @@ export function tagsField({ getService }: FtrProviderContext): void { }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -276,7 +276,7 @@ export function tagsField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/threat.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/threat.ts similarity index 97% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/threat.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/threat.ts index 2e001b5322de0..fcffb46b24c8b 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/threat.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/threat.ts @@ -16,7 +16,7 @@ import { export function threatField({ getService }: FtrProviderContext): void { describe('"threat"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -87,7 +87,7 @@ export function threatField({ getService }: FtrProviderContext): void { ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -220,7 +220,7 @@ export function threatField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -364,7 +364,7 @@ export function threatField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -508,7 +508,7 @@ export function threatField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -634,7 +634,7 @@ export function threatField({ getService }: FtrProviderContext): void { }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -717,7 +717,7 @@ export function threatField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/timeline_template.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/timeline_template.ts similarity index 95% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/timeline_template.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/timeline_template.ts index 911500e0bb346..bdb403b40641e 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/timeline_template.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/timeline_template.ts @@ -16,7 +16,7 @@ import { export function timelineTemplateField({ getService }: FtrProviderContext): void { describe('"timeline_template"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -54,7 +54,7 @@ export function timelineTemplateField({ getService }: FtrProviderContext): void ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -107,7 +107,7 @@ export function timelineTemplateField({ getService }: FtrProviderContext): void ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -163,7 +163,7 @@ export function timelineTemplateField({ getService }: FtrProviderContext): void ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -219,7 +219,7 @@ export function timelineTemplateField({ getService }: FtrProviderContext): void ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -268,7 +268,7 @@ export function timelineTemplateField({ getService }: FtrProviderContext): void }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -310,7 +310,7 @@ export function timelineTemplateField({ getService }: FtrProviderContext): void ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/timestamp_override.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/timestamp_override.ts similarity index 94% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/timestamp_override.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/timestamp_override.ts index a6529cfcd5c58..7557402e1468b 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/timestamp_override.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/common_fields/timestamp_override.ts @@ -16,7 +16,7 @@ import { export function timestampOverrideField({ getService }: FtrProviderContext): void { describe('"timestamp_override"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -49,7 +49,7 @@ export function timestampOverrideField({ getService }: FtrProviderContext): void ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -97,7 +97,7 @@ export function timestampOverrideField({ getService }: FtrProviderContext): void ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -147,7 +147,7 @@ export function timestampOverrideField({ getService }: FtrProviderContext): void ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -197,7 +197,7 @@ export function timestampOverrideField({ getService }: FtrProviderContext): void ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -240,7 +240,7 @@ export function timestampOverrideField({ getService }: FtrProviderContext): void }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', @@ -276,7 +276,7 @@ export function timestampOverrideField({ getService }: FtrProviderContext): void ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'query', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/test_helpers.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/test_helpers.ts similarity index 100% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/test_helpers.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/test_helpers.ts diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/anomaly_threshold.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/anomaly_threshold.ts similarity index 94% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/anomaly_threshold.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/anomaly_threshold.ts index 16153505e5561..6ad7701303de9 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/anomaly_threshold.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/anomaly_threshold.ts @@ -16,7 +16,7 @@ import { export function anomalyThresholdField({ getService }: FtrProviderContext): void { describe('"anomaly_threshold"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'machine_learning', @@ -49,7 +49,7 @@ export function anomalyThresholdField({ getService }: FtrProviderContext): void ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'machine_learning', @@ -97,7 +97,7 @@ export function anomalyThresholdField({ getService }: FtrProviderContext): void ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'machine_learning', @@ -148,7 +148,7 @@ export function anomalyThresholdField({ getService }: FtrProviderContext): void ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'machine_learning', @@ -199,7 +199,7 @@ export function anomalyThresholdField({ getService }: FtrProviderContext): void ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'machine_learning', @@ -243,7 +243,7 @@ export function anomalyThresholdField({ getService }: FtrProviderContext): void }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'machine_learning', @@ -280,7 +280,7 @@ export function anomalyThresholdField({ getService }: FtrProviderContext): void ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'machine_learning', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/configs/ess.config.ts similarity index 84% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/configs/ess.config.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/configs/ess.config.ts index 3ebc09e11f2fb..5ff527858c70a 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/configs/ess.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/configs/ess.config.ts @@ -9,7 +9,7 @@ import { FtrConfigProviderContext } from '@kbn/test'; export default async function ({ readConfigFile }: FtrConfigProviderContext) { const functionalConfig = await readConfigFile( - require.resolve('../../../../../../../../../config/ess/config.base.trial') + require.resolve('../../../../../../../../../config/ess/config.base.trial.ts') ); const testConfig = { @@ -17,7 +17,7 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { testFiles: [require.resolve('..')], junit: { reportName: - 'Rules Management - Prebuilt Rule Customization Enabled Per Field Integration Tests - ESS Env', + 'Rules Management - Prebuilt Rule (Customization Enabled) Per Field Integration Tests - ESS Env', }, }; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/configs/serverless.config.ts similarity index 80% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/configs/serverless.config.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/configs/serverless.config.ts index 691330c33c12a..67a22e55ca110 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/common_fields/configs/serverless.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/configs/serverless.config.ts @@ -11,6 +11,6 @@ export default createTestConfig({ testFiles: [require.resolve('..')], junit: { reportName: - 'Rules Management - Prebuilt Rule Customization Enabled Per Field Integration Tests - Serverless Env', + 'Rules Management - Prebuilt Rule (Customization Enabled) Per Field Integration Tests - Serverless Env', }, }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/eql_query.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/eql_query.ts similarity index 96% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/eql_query.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/eql_query.ts index 1e1f6795c5408..e33643d6d8fdc 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/eql_query.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/eql_query.ts @@ -16,7 +16,7 @@ import { export function eqlQueryField({ getService }: FtrProviderContext): void { describe('"eql_query"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'eql', @@ -58,7 +58,7 @@ export function eqlQueryField({ getService }: FtrProviderContext): void { ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'eql', @@ -134,7 +134,7 @@ export function eqlQueryField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'eql', @@ -212,7 +212,7 @@ export function eqlQueryField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'eql', @@ -290,7 +290,7 @@ export function eqlQueryField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'eql', @@ -358,7 +358,7 @@ export function eqlQueryField({ getService }: FtrProviderContext): void { }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'eql', @@ -403,7 +403,7 @@ export function eqlQueryField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'eql', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/esql_query.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/esql_query.ts similarity index 95% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/esql_query.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/esql_query.ts index f59086d07560f..94d586bc50824 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/esql_query.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/esql_query.ts @@ -16,7 +16,7 @@ import { export function esqlQueryField({ getService }: FtrProviderContext): void { describe('"esql_query"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'esql', @@ -51,7 +51,7 @@ export function esqlQueryField({ getService }: FtrProviderContext): void { ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'esql', @@ -113,7 +113,7 @@ export function esqlQueryField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'esql', @@ -179,7 +179,7 @@ export function esqlQueryField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'esql', @@ -245,7 +245,7 @@ export function esqlQueryField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'esql', @@ -304,7 +304,7 @@ export function esqlQueryField({ getService }: FtrProviderContext): void { }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'esql', @@ -344,7 +344,7 @@ export function esqlQueryField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'esql', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/history_window_start.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/history_window_start.ts similarity index 94% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/history_window_start.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/history_window_start.ts index 6362fd474b441..8745742e54bd6 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/history_window_start.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/history_window_start.ts @@ -16,7 +16,7 @@ import { export function historyWindowStartField({ getService }: FtrProviderContext): void { describe('"history_window_start"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'new_terms', @@ -49,7 +49,7 @@ export function historyWindowStartField({ getService }: FtrProviderContext): voi ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'new_terms', @@ -97,7 +97,7 @@ export function historyWindowStartField({ getService }: FtrProviderContext): voi ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'new_terms', @@ -148,7 +148,7 @@ export function historyWindowStartField({ getService }: FtrProviderContext): voi ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'new_terms', @@ -199,7 +199,7 @@ export function historyWindowStartField({ getService }: FtrProviderContext): voi ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'new_terms', @@ -243,7 +243,7 @@ export function historyWindowStartField({ getService }: FtrProviderContext): voi }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'new_terms', @@ -280,7 +280,7 @@ export function historyWindowStartField({ getService }: FtrProviderContext): voi ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'new_terms', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/index.ts similarity index 100% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/index.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/index.ts diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/kql_query.inline_query.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/kql_query.inline_query.ts similarity index 97% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/kql_query.inline_query.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/kql_query.inline_query.ts index 6f2d4a8809a77..511df139cb7d5 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/kql_query.inline_query.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/kql_query.inline_query.ts @@ -22,7 +22,7 @@ const RULE_TYPES = ['query', 'threat_match', 'threshold', 'new_terms'] as const; export function inlineQueryKqlQueryField({ getService }: FtrProviderContext): void { for (const ruleType of RULE_TYPES) { describe(`"kql_query" with inline query for ${ruleType} rule`, () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { describe('without filters', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { @@ -145,7 +145,7 @@ export function inlineQueryKqlQueryField({ getService }: FtrProviderContext): vo }); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: ruleType, @@ -228,7 +228,7 @@ export function inlineQueryKqlQueryField({ getService }: FtrProviderContext): vo ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: ruleType, @@ -334,7 +334,7 @@ export function inlineQueryKqlQueryField({ getService }: FtrProviderContext): vo ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: ruleType, @@ -440,7 +440,7 @@ export function inlineQueryKqlQueryField({ getService }: FtrProviderContext): vo ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: ruleType, @@ -539,7 +539,7 @@ export function inlineQueryKqlQueryField({ getService }: FtrProviderContext): vo }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: ruleType, @@ -611,7 +611,7 @@ export function inlineQueryKqlQueryField({ getService }: FtrProviderContext): vo ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: ruleType, diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/kql_query.saved_query.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/kql_query.saved_query.ts similarity index 95% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/kql_query.saved_query.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/kql_query.saved_query.ts index faacc1ea63ea8..38f514769c7db 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/kql_query.saved_query.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/kql_query.saved_query.ts @@ -21,7 +21,7 @@ import { export function savedQueryKqlQueryField({ getService }: FtrProviderContext): void { describe('"kql_query" with saved query', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'saved_query', @@ -57,7 +57,7 @@ export function savedQueryKqlQueryField({ getService }: FtrProviderContext): voi ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'saved_query', @@ -116,7 +116,7 @@ export function savedQueryKqlQueryField({ getService }: FtrProviderContext): voi ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'saved_query', @@ -178,7 +178,7 @@ export function savedQueryKqlQueryField({ getService }: FtrProviderContext): voi ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'saved_query', @@ -240,7 +240,7 @@ export function savedQueryKqlQueryField({ getService }: FtrProviderContext): voi ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'saved_query', @@ -295,7 +295,7 @@ export function savedQueryKqlQueryField({ getService }: FtrProviderContext): voi }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'saved_query', @@ -335,7 +335,7 @@ export function savedQueryKqlQueryField({ getService }: FtrProviderContext): voi ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'saved_query', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/machine_learning_job_id.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/machine_learning_job_id.ts similarity index 94% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/machine_learning_job_id.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/machine_learning_job_id.ts index 64c08959eb016..3f61a25752358 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/machine_learning_job_id.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/machine_learning_job_id.ts @@ -16,7 +16,7 @@ import { export function machineLearningJobIdField({ getService }: FtrProviderContext): void { describe('"machine_learning_job_id"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'machine_learning', @@ -49,7 +49,7 @@ export function machineLearningJobIdField({ getService }: FtrProviderContext): v ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'machine_learning', @@ -97,7 +97,7 @@ export function machineLearningJobIdField({ getService }: FtrProviderContext): v ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'machine_learning', @@ -148,7 +148,7 @@ export function machineLearningJobIdField({ getService }: FtrProviderContext): v ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'machine_learning', @@ -199,7 +199,7 @@ export function machineLearningJobIdField({ getService }: FtrProviderContext): v ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'machine_learning', @@ -243,7 +243,7 @@ export function machineLearningJobIdField({ getService }: FtrProviderContext): v }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'machine_learning', @@ -280,7 +280,7 @@ export function machineLearningJobIdField({ getService }: FtrProviderContext): v ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'machine_learning', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/new_terms_fields.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/new_terms_fields.ts similarity index 94% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/new_terms_fields.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/new_terms_fields.ts index 71356a1e437af..57be81a679f23 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/new_terms_fields.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/new_terms_fields.ts @@ -19,7 +19,7 @@ import { export function newTermsFieldsField({ getService }: FtrProviderContext): void { describe('"new_terms_fields"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'new_terms', @@ -52,7 +52,7 @@ export function newTermsFieldsField({ getService }: FtrProviderContext): void { ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'new_terms', @@ -100,7 +100,7 @@ export function newTermsFieldsField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'new_terms', @@ -151,7 +151,7 @@ export function newTermsFieldsField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'new_terms', @@ -202,7 +202,7 @@ export function newTermsFieldsField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'new_terms', @@ -246,7 +246,7 @@ export function newTermsFieldsField({ getService }: FtrProviderContext): void { }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'new_terms', @@ -283,7 +283,7 @@ export function newTermsFieldsField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'new_terms', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/threat_index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/threat_index.ts similarity index 94% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/threat_index.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/threat_index.ts index 58c8d2cab5fde..d2405329d4b3b 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/threat_index.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/threat_index.ts @@ -19,7 +19,7 @@ import { export function threatIndexField({ getService }: FtrProviderContext): void { describe('"threat_index"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threat_match', @@ -52,7 +52,7 @@ export function threatIndexField({ getService }: FtrProviderContext): void { ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threat_match', @@ -100,7 +100,7 @@ export function threatIndexField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threat_match', @@ -151,7 +151,7 @@ export function threatIndexField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threat_match', @@ -202,7 +202,7 @@ export function threatIndexField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threat_match', @@ -246,7 +246,7 @@ export function threatIndexField({ getService }: FtrProviderContext): void { }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threat_match', @@ -283,7 +283,7 @@ export function threatIndexField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threat_match', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/threat_indicator_path.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/threat_indicator_path.ts similarity index 94% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/threat_indicator_path.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/threat_indicator_path.ts index de706df8c19b1..166d70fdf6ad1 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/threat_indicator_path.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/threat_indicator_path.ts @@ -16,7 +16,7 @@ import { export function threatIndicatorPathField({ getService }: FtrProviderContext): void { describe('"threat_indicator_path"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threat_match', @@ -49,7 +49,7 @@ export function threatIndicatorPathField({ getService }: FtrProviderContext): vo ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threat_match', @@ -97,7 +97,7 @@ export function threatIndicatorPathField({ getService }: FtrProviderContext): vo ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threat_match', @@ -148,7 +148,7 @@ export function threatIndicatorPathField({ getService }: FtrProviderContext): vo ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threat_match', @@ -199,7 +199,7 @@ export function threatIndicatorPathField({ getService }: FtrProviderContext): vo ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threat_match', @@ -243,7 +243,7 @@ export function threatIndicatorPathField({ getService }: FtrProviderContext): vo }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threat_match', @@ -280,7 +280,7 @@ export function threatIndicatorPathField({ getService }: FtrProviderContext): vo ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threat_match', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/threat_mapping.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/threat_mapping.ts similarity index 96% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/threat_mapping.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/threat_mapping.ts index 06763e06db802..74b75829d5e61 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/threat_mapping.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/threat_mapping.ts @@ -16,7 +16,7 @@ import { export function threatMappingField({ getService }: FtrProviderContext): void { describe('"threat_mapping"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threat_match', @@ -55,7 +55,7 @@ export function threatMappingField({ getService }: FtrProviderContext): void { ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threat_match', @@ -111,7 +111,7 @@ export function threatMappingField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threat_match', @@ -170,7 +170,7 @@ export function threatMappingField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threat_match', @@ -229,7 +229,7 @@ export function threatMappingField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threat_match', @@ -279,7 +279,7 @@ export function threatMappingField({ getService }: FtrProviderContext): void { }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threat_match', @@ -322,7 +322,7 @@ export function threatMappingField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threat_match', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/threat_query.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/threat_query.ts similarity index 96% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/threat_query.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/threat_query.ts index a30c3a4cb6cf9..009ae859a5cb3 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/threat_query.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/threat_query.ts @@ -19,7 +19,7 @@ import { export function threatQueryField({ getService }: FtrProviderContext): void { describe('"threat_query"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threat_match', @@ -57,7 +57,7 @@ export function threatQueryField({ getService }: FtrProviderContext): void { ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threat_match', @@ -133,7 +133,7 @@ export function threatQueryField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threat_match', @@ -212,7 +212,7 @@ export function threatQueryField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threat_match', @@ -291,7 +291,7 @@ export function threatQueryField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threat_match', @@ -360,7 +360,7 @@ export function threatQueryField({ getService }: FtrProviderContext): void { }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threat_match', @@ -402,7 +402,7 @@ export function threatQueryField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threat_match', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/threshold.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/threshold.ts similarity index 94% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/threshold.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/threshold.ts index 9469fda5f8ae6..d5c0a0f53c02b 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/diffable_rule_fields/type_specific_fields/threshold.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/type_specific_fields/threshold.ts @@ -16,7 +16,7 @@ import { export function thresholdField({ getService }: FtrProviderContext): void { describe('"threshold"', () => { - describe('non-customized w/o an upgrade (AAA diff case)', () => { + describe('non-customized without an upgrade (AAA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threshold', @@ -49,7 +49,7 @@ export function thresholdField({ getService }: FtrProviderContext): void { ); }); - describe('non-customized w/ an upgrade (AAB diff case)', () => { + describe('non-customized with an upgrade (AAB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threshold', @@ -97,7 +97,7 @@ export function thresholdField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/o an upgrade (ABA diff case)', () => { + describe('customized without an upgrade (ABA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threshold', @@ -148,7 +148,7 @@ export function thresholdField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ the matching upgrade (ABB diff case)', () => { + describe('customized with the matching upgrade (ABB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threshold', @@ -199,7 +199,7 @@ export function thresholdField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { + describe('customized with an upgrade resulting in a conflict (ABC diff case, non-solvable conflict)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threshold', @@ -243,7 +243,7 @@ export function thresholdField({ getService }: FtrProviderContext): void { }); describe('without historical versions', () => { - describe('customized w/ the matching upgrade (-AA diff case)', () => { + describe('customized with the matching upgrade (-AA diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threshold', @@ -280,7 +280,7 @@ export function thresholdField({ getService }: FtrProviderContext): void { ); }); - describe('customized w/ an upgrade (-AB diff case)', () => { + describe('customized with an upgrade (-AB diff case)', () => { const ruleUpgradeAssets: TestFieldRuleUpgradeAssets = { installed: { type: 'threshold', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/index.ts similarity index 54% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/index.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/index.ts index 0fc00f8f9c128..037e5f00c1ff0 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/index.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/index.ts @@ -8,9 +8,10 @@ import { FtrProviderContext } from '../../../../../../ftr_provider_context'; export default ({ loadTestFile }: FtrProviderContext): void => { - describe('Rules Management - Prebuilt Rules - Prebuilt Rule Customization Disabled', function () { - loadTestFile(require.resolve('./is_customized_calculation')); - loadTestFile(require.resolve('./upgrade_perform_prebuilt_rules')); - loadTestFile(require.resolve('./rules_export/export_prebuilt_rules')); + describe('Upgrade prebuilt rules', function () { + loadTestFile(require.resolve('./review_prebuilt_rules_upgrade')); + loadTestFile(require.resolve('./bulk_upgrade_all_prebuilt_rules')); + loadTestFile(require.resolve('./bulk_upgrade_selected_prebuilt_rules')); + loadTestFile(require.resolve('./upgrade_single_prebuilt_rule')); }); }; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/preview_prebuilt_rules_upgrade.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/review_prebuilt_rules_upgrade.ts similarity index 98% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/preview_prebuilt_rules_upgrade.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/review_prebuilt_rules_upgrade.ts index d5fbc330ee3e2..50e00c8e9853e 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/preview_prebuilt_rules_upgrade.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/review_prebuilt_rules_upgrade.ts @@ -18,14 +18,13 @@ export default ({ getService }: FtrProviderContext): void => { const es = getService('es'); const supertest = getService('supertest'); const log = getService('log'); - const deps = { es, supertest, log, }; - describe('@ess @serverless @skipInServerlessMKI preview prebuilt rules upgrade', () => { + describe('@ess @serverless @skipInServerlessMKI review prebuilt rules upgrade', () => { beforeEach(async () => { await deleteAllRules(supertest, log); await deleteAllPrebuiltRuleAssets(es, log); @@ -190,7 +189,7 @@ export default ({ getService }: FtrProviderContext): void => { }); }); - it(`asserts "has_update" is ${!withHistoricalVersions} for customized fields w/o upgrades`, async () => { + it(`asserts "has_update" is ${!withHistoricalVersions} for customized fields without upgrades`, async () => { await setUpRuleUpgrade({ assets: [ { diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/upgrade_prebuilt_rules/upgrade_single_prebuilt_rule.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/upgrade_single_prebuilt_rule.ts similarity index 93% rename from x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/upgrade_prebuilt_rules/upgrade_single_prebuilt_rule.ts rename to x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/upgrade_single_prebuilt_rule.ts index 6f345365a4e2b..b2204d8aa9ab8 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/upgrade_prebuilt_rules/upgrade_single_prebuilt_rule.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/upgrade_single_prebuilt_rule.ts @@ -8,14 +8,19 @@ import expect from 'expect'; import type SuperTest from 'supertest'; import { ModeEnum } from '@kbn/security-solution-plugin/common/api/detection_engine'; +import { deleteAllRules } from '../../../../../../../common/utils/security_solution'; import { DEFAULT_TEST_RULE_ID, setUpRuleUpgrade, -} from '../../../../../utils/rules/prebuilt_rules/set_up_rule_upgrade'; -import { FtrProviderContext } from '../../../../../../../ftr_provider_context'; -import { performUpgradePrebuiltRules, getWebHookAction } from '../../../../../utils'; +} from '../../../../utils/rules/prebuilt_rules/set_up_rule_upgrade'; +import { FtrProviderContext } from '../../../../../../ftr_provider_context'; +import { + deleteAllPrebuiltRuleAssets, + performUpgradePrebuiltRules, + getWebHookAction, +} from '../../../../utils'; -export function upgradeSinglePrebuiltRule({ getService }: FtrProviderContext): void { +export default ({ getService }: FtrProviderContext): void => { const es = getService('es'); const supertest = getService('supertest'); const log = getService('log'); @@ -26,18 +31,23 @@ export function upgradeSinglePrebuiltRule({ getService }: FtrProviderContext): v log, }; - const RULE_TYPES = [ - 'query', - 'saved_query', - 'eql', - 'esql', - 'threat_match', - 'threshold', - 'machine_learning', - 'new_terms', - ] as const; - - describe('single rule', () => { + describe('@ess @serverless @skipInServerlessMKI Upgrade single prebuilt rule', () => { + beforeEach(async () => { + await deleteAllRules(supertest, log); + await deleteAllPrebuiltRuleAssets(es, log); + }); + + const RULE_TYPES = [ + 'query', + 'saved_query', + 'eql', + 'esql', + 'threat_match', + 'threshold', + 'machine_learning', + 'new_terms', + ] as const; + for (const withHistoricalVersions of [true, false]) { describe( withHistoricalVersions ? 'with historical versions' : 'without historical versions', @@ -353,7 +363,7 @@ export function upgradeSinglePrebuiltRule({ getService }: FtrProviderContext): v ); } }); -} +}; async function createAction(supertest: SuperTest.Agent) { const createConnector = async (payload: Record) => diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/large_prebuilt_rules_package/trial_license_complete_tier/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/large_prebuilt_rules_package/trial_license_complete_tier/configs/serverless.config.ts deleted file mode 100644 index e6ecd5825e98b..0000000000000 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/large_prebuilt_rules_package/trial_license_complete_tier/configs/serverless.config.ts +++ /dev/null @@ -1,37 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import path from 'path'; -import { createTestConfig } from '../../../../../../../config/serverless/config.base'; - -export const BUNDLED_PACKAGE_DIR = path.join( - path.dirname(__filename), - './../fleet_bundled_packages/fixtures' -); -export default createTestConfig({ - testFiles: [require.resolve('..')], - junit: { - reportName: - 'Rules Management - Large Prebuilt Rules Package Installation Integration Tests - Serverless Env - Complete License', - }, - kbnTestServerArgs: [ - /* Tests in this directory simulate an air-gapped environment in which the instance doesn't have access to EPR. - * To do that, we point the Fleet url to an invalid URL, and instruct Fleet to fetch bundled packages at the - * location defined in BUNDLED_PACKAGE_DIR. - * Since we want to test the installation of a large package, we created a specific package `security_detection_engine-100.0.0` - * which contains 15000 rules assets and 750 unique rules, and attempt to install it. - */ - `--xpack.fleet.registryUrl=http://invalidURL:8080`, - `--xpack.fleet.developer.bundledPackageLocation=${BUNDLED_PACKAGE_DIR}`, - ], - kbnTestServerEnv: { - /* Limit the heap memory to the lowest amount with which Kibana doesn't crash with an out of memory error - * when installing the large package. - */ - NODE_OPTIONS: '--max-old-space-size=800', - }, -}); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/configs/ess.config.ts deleted file mode 100644 index 4017401095358..0000000000000 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/configs/ess.config.ts +++ /dev/null @@ -1,23 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { FtrConfigProviderContext } from '@kbn/test'; - -export default async function ({ readConfigFile }: FtrConfigProviderContext) { - const functionalConfig = await readConfigFile( - require.resolve('../../../../../../../config/ess/config.base.trial') - ); - - return { - ...functionalConfig.getAll(), - testFiles: [require.resolve('..')], - junit: { - reportName: - 'Rules Management - Prebuilt Rules Management Integration Tests - ESS Env - Trial License', - }, - }; -} diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/configs/serverless.config.ts deleted file mode 100644 index ac06cacf21f63..0000000000000 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/configs/serverless.config.ts +++ /dev/null @@ -1,16 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { createTestConfig } from '../../../../../../../config/serverless/config.base'; - -export default createTestConfig({ - testFiles: [require.resolve('..')], - junit: { - reportName: - 'Rules Management - Prebuilt Rules Management Integration Tests - Serverless Env - Complete License', - }, -}); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/index.ts deleted file mode 100644 index 0b57697c483b5..0000000000000 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/index.ts +++ /dev/null @@ -1,19 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { FtrProviderContext } from '../../../../../../ftr_provider_context'; - -export default ({ loadTestFile }: FtrProviderContext): void => { - describe('Rules Management - Prebuilt Rules - Prebuilt Rules Management', function () { - loadTestFile(require.resolve('./bootstrap_prebuilt_rules')); - loadTestFile(require.resolve('./get_prebuilt_rules_status')); - loadTestFile(require.resolve('./get_prebuilt_timelines_status')); - loadTestFile(require.resolve('./install_prebuilt_rules')); - loadTestFile(require.resolve('./install_prebuilt_rules_with_historical_versions')); - loadTestFile(require.resolve('./fleet_integration')); - }); -}; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/install_prebuilt_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/install_prebuilt_rules.ts deleted file mode 100644 index a96f88101d006..0000000000000 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/management/trial_license_complete_tier/install_prebuilt_rules.ts +++ /dev/null @@ -1,132 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ -import expect from 'expect'; -import { FtrProviderContext } from '../../../../../../ftr_provider_context'; -import { - deleteAllTimelines, - deleteAllPrebuiltRuleAssets, - createRuleAssetSavedObject, - createPrebuiltRuleAssetSavedObjects, - installPrebuiltRulesAndTimelines, - getPrebuiltRulesAndTimelinesStatus, - getPrebuiltRulesStatus, - installPrebuiltRules, - getInstalledRules, -} from '../../../../utils'; -import { deleteAllRules, deleteRule } from '../../../../../../../common/utils/security_solution'; - -export default ({ getService }: FtrProviderContext): void => { - const es = getService('es'); - const supertest = getService('supertest'); - const log = getService('log'); - - describe('@ess @serverless @skipInServerlessMKI install prebuilt rules from package without historical versions with mock rule assets', () => { - const getRuleAssetSavedObjects = () => [ - createRuleAssetSavedObject({ rule_id: 'rule-1', version: 1 }), - createRuleAssetSavedObject({ rule_id: 'rule-2', version: 2 }), - createRuleAssetSavedObject({ rule_id: 'rule-3', version: 3 }), - createRuleAssetSavedObject({ rule_id: 'rule-4', version: 4 }), - ]; - const RULES_COUNT = getRuleAssetSavedObjects().length; - - beforeEach(async () => { - await deleteAllRules(supertest, log); - await deleteAllTimelines(es, log); - await deleteAllPrebuiltRuleAssets(es, log); - }); - - describe('using current endpoint', () => { - it('should install prebuilt rules', async () => { - await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); - const body = await installPrebuiltRules(es, supertest); - - expect(body.summary.succeeded).toBe(RULES_COUNT); - expect(body.summary.failed).toBe(0); - expect(body.summary.skipped).toBe(0); - }); - - it('should install correct prebuilt rule versions', async () => { - await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); - const body = await installPrebuiltRules(es, supertest); - - // Check that all prebuilt rules were actually installed and their versions match the latest - expect(body.results.created).toEqual( - expect.arrayContaining([ - expect.objectContaining({ rule_id: 'rule-1', version: 1 }), - expect.objectContaining({ rule_id: 'rule-2', version: 2 }), - expect.objectContaining({ rule_id: 'rule-3', version: 3 }), - expect.objectContaining({ rule_id: 'rule-4', version: 4 }), - ]) - ); - }); - - it('should install missing prebuilt rules', async () => { - // Install all prebuilt detection rules - await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); - await installPrebuiltRules(es, supertest); - - // Delete one of the installed rules - await deleteRule(supertest, 'rule-1'); - - // Check that one prebuilt rule is missing - const statusResponse = await getPrebuiltRulesStatus(es, supertest); - expect(statusResponse.stats.num_prebuilt_rules_to_install).toBe(1); - - // Call the install prebuilt rules again and check that the missing rule was installed - const response = await installPrebuiltRules(es, supertest); - expect(response.summary.succeeded).toBe(1); - }); - }); - - describe('using legacy endpoint', () => { - it('should install prebuilt rules', async () => { - await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); - const body = await installPrebuiltRulesAndTimelines(es, supertest); - - expect(body.rules_installed).toBe(RULES_COUNT); - expect(body.rules_updated).toBe(0); - }); - - it('should install correct prebuilt rule versions', async () => { - await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); - await installPrebuiltRulesAndTimelines(es, supertest); - - // Get installed rules - const rulesResponse = await getInstalledRules(supertest); - - // Check that all prebuilt rules were actually installed and their versions match the latest - expect(rulesResponse.total).toBe(RULES_COUNT); - expect(rulesResponse.data).toEqual( - expect.arrayContaining([ - expect.objectContaining({ rule_id: 'rule-1', version: 1 }), - expect.objectContaining({ rule_id: 'rule-2', version: 2 }), - expect.objectContaining({ rule_id: 'rule-3', version: 3 }), - expect.objectContaining({ rule_id: 'rule-4', version: 4 }), - ]) - ); - }); - - it('should install missing prebuilt rules', async () => { - // Install all prebuilt detection rules - await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects()); - await installPrebuiltRulesAndTimelines(es, supertest); - - // Delete one of the installed rules - await deleteRule(supertest, 'rule-1'); - - // Check that one prebuilt rule is missing - const statusResponse = await getPrebuiltRulesAndTimelinesStatus(es, supertest); - expect(statusResponse.rules_not_installed).toBe(1); - - // Call the install prebuilt rules again and check that the missing rule was installed - const response = await installPrebuiltRulesAndTimelines(es, supertest); - expect(response.rules_installed).toBe(1); - expect(response.rules_updated).toBe(0); - }); - }); - }); -}; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/ess_basic_license.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/ess_basic_license.config.ts deleted file mode 100644 index 49bb40b06d39b..0000000000000 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/ess_basic_license.config.ts +++ /dev/null @@ -1,25 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { FtrConfigProviderContext } from '@kbn/test'; - -export default async function ({ readConfigFile }: FtrConfigProviderContext) { - const functionalConfig = await readConfigFile( - require.resolve('../../../../../../../config/ess/config.base.basic') - ); - - const testConfig = { - ...functionalConfig.getAll(), - testFiles: [require.resolve('..')], - junit: { - reportName: - 'Rules Management - Prebuilt Rule Customization Disabled Integration Tests - ESS Env Basic License', - }, - }; - - return testConfig; -} diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/serverless_essentials_tier.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/serverless_essentials_tier.config.ts deleted file mode 100644 index 1983a1f5bdc5b..0000000000000 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_disabled/configs/serverless_essentials_tier.config.ts +++ /dev/null @@ -1,16 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { createTestConfig } from '../../../../../../../config/serverless/config.base.essentials'; - -export default createTestConfig({ - testFiles: [require.resolve('..')], - junit: { - reportName: - 'Rules Management - Prebuilt Rule Customization Disabled Integration Tests - Serverless Env Essentials Tier', - }, -}); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/index.ts deleted file mode 100644 index 625b37ebd1300..0000000000000 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/index.ts +++ /dev/null @@ -1,19 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { FtrProviderContext } from '../../../../../../ftr_provider_context'; - -export default ({ loadTestFile }: FtrProviderContext): void => { - describe('Rules Management - Prebuilt Rules - Prebuilt Rule Customization Enabled', function () { - loadTestFile(require.resolve('./is_customized_calculation')); - loadTestFile(require.resolve('./import_rules')); - loadTestFile(require.resolve('./rules_export')); - loadTestFile(require.resolve('./rule_customization')); - loadTestFile(require.resolve('./preview_prebuilt_rules_upgrade')); - loadTestFile(require.resolve('./upgrade_prebuilt_rules')); - }); -}; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/is_customized_calculation.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/is_customized_calculation.ts deleted file mode 100644 index 72f9062f66ca1..0000000000000 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/is_customized_calculation.ts +++ /dev/null @@ -1,200 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ -import { - BulkActionEditTypeEnum, - BulkActionTypeEnum, -} from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/bulk_actions/bulk_actions_route.gen'; -import expect from 'expect'; -import { deleteAllRules } from '../../../../../../../common/utils/security_solution'; -import { FtrProviderContext } from '../../../../../../ftr_provider_context'; -import { - createPrebuiltRuleAssetSavedObjects, - createRuleAssetSavedObject, - deleteAllPrebuiltRuleAssets, - installPrebuiltRules, -} from '../../../../utils'; - -export default ({ getService }: FtrProviderContext): void => { - const es = getService('es'); - const supertest = getService('supertest'); - const securitySolutionApi = getService('securitySolutionApi'); - const log = getService('log'); - - const ruleAsset = createRuleAssetSavedObject({ - rule_id: '000047bb-b27a-47ec-8b62-ef1a5d2c9e19', - tags: ['test-tag'], - }); - - describe('@ess @serverless @skipInServerlessMKI is_customized calculation', () => { - beforeEach(async () => { - await deleteAllRules(supertest, log); - await deleteAllPrebuiltRuleAssets(es, log); - }); - - describe('prebuilt rules', () => { - it('should set is_customized to true on bulk rule modification', async () => { - await createPrebuiltRuleAssetSavedObjects(es, [ruleAsset]); - await installPrebuiltRules(es, supertest); - - const { body: findResult } = await securitySolutionApi - .findRules({ - query: { - per_page: 1, - filter: `alert.attributes.params.immutable: true`, - }, - }) - .expect(200); - const prebuiltRule = findResult.data[0]; - expect(prebuiltRule).not.toBeNull(); - expect(prebuiltRule.rule_source.is_customized).toEqual(false); - - const { body: bulkResult } = await securitySolutionApi - .performRulesBulkAction({ - query: {}, - body: { - ids: [prebuiltRule.id], - action: BulkActionTypeEnum.edit, - [BulkActionTypeEnum.edit]: [ - { - type: BulkActionEditTypeEnum.add_tags, - value: ['new-tag'], - }, - ], - }, - }) - .expect(200); - - expect(bulkResult.attributes.summary).toEqual({ - failed: 0, - skipped: 0, - succeeded: 1, - total: 1, - }); - expect(bulkResult.attributes.results.updated[0].rule_source.is_customized).toEqual(true); - }); - - it('should leave is_customized intact if the change has been skipped', async () => { - await createPrebuiltRuleAssetSavedObjects(es, [ruleAsset]); - await installPrebuiltRules(es, supertest); - - const { body: findResult } = await securitySolutionApi - .findRules({ - query: { - per_page: 1, - filter: `alert.attributes.params.immutable: true`, - }, - }) - .expect(200); - const prebuiltRule = findResult.data[0]; - expect(prebuiltRule).not.toBeNull(); - expect(prebuiltRule.rule_source.is_customized).toEqual(false); - - const { body: bulkResult } = await securitySolutionApi - .performRulesBulkAction({ - query: {}, - body: { - ids: [prebuiltRule.id], - action: BulkActionTypeEnum.edit, - [BulkActionTypeEnum.edit]: [ - { - type: BulkActionEditTypeEnum.add_tags, - // This tag is already present on the rule, so the change will be skipped - value: [prebuiltRule.tags[0]], - }, - ], - }, - }) - .expect(200); - - expect(bulkResult.attributes.summary).toEqual({ - failed: 0, - skipped: 1, - succeeded: 0, - total: 1, - }); - - // Check that the rule has not been customized - const { body: findResultAfter } = await securitySolutionApi - .findRules({ - query: { - per_page: 1, - filter: `alert.attributes.params.immutable: true`, - }, - }) - .expect(200); - expect(findResultAfter.data[0].rule_source.is_customized).toEqual(false); - }); - - it('should set is_customized to false if the change has been reverted', async () => { - await createPrebuiltRuleAssetSavedObjects(es, [ruleAsset]); - await installPrebuiltRules(es, supertest); - - const { body: findResult } = await securitySolutionApi - .findRules({ - query: { - per_page: 1, - filter: `alert.attributes.params.immutable: true`, - }, - }) - .expect(200); - const prebuiltRule = findResult.data[0]; - expect(prebuiltRule).not.toBeNull(); - expect(prebuiltRule.rule_source.is_customized).toEqual(false); - - // Add a tag to the rule - const { body: bulkResult } = await securitySolutionApi - .performRulesBulkAction({ - query: {}, - body: { - ids: [prebuiltRule.id], - action: BulkActionTypeEnum.edit, - [BulkActionTypeEnum.edit]: [ - { - type: BulkActionEditTypeEnum.add_tags, - value: ['new-tag'], - }, - ], - }, - }) - .expect(200); - - expect(bulkResult.attributes.summary).toEqual({ - failed: 0, - skipped: 0, - succeeded: 1, - total: 1, - }); - - // Remove the added tag - const { body: revertResult } = await securitySolutionApi - .performRulesBulkAction({ - query: {}, - body: { - ids: [prebuiltRule.id], - action: BulkActionTypeEnum.edit, - [BulkActionTypeEnum.edit]: [ - { - type: BulkActionEditTypeEnum.delete_tags, - value: ['new-tag'], - }, - ], - }, - }) - .expect(200); - - expect(revertResult.attributes.summary).toEqual({ - failed: 0, - skipped: 0, - succeeded: 1, - total: 1, - }); - - expect(revertResult.attributes.results.updated[0].rule_source.is_customized).toEqual(false); - }); - }); - }); -}; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/upgrade_prebuilt_rules/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/upgrade_prebuilt_rules/index.ts deleted file mode 100644 index 03b0c28326f4b..0000000000000 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/prebuilt_rule_customization/customization_enabled/upgrade_prebuilt_rules/index.ts +++ /dev/null @@ -1,30 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { FtrProviderContext } from '../../../../../../../ftr_provider_context'; -import { deleteAllPrebuiltRuleAssets } from '../../../../../utils'; -import { deleteAllRules } from '../../../../../../../../common/utils/security_solution'; -import { bulkUpgradeAllPrebuiltRules } from './bulk_upgrade_all_prebuilt_rules'; -import { bulkUpgradeSelectedPrebuiltRules } from './bulk_upgrade_selected_prebuilt_rules'; -import { upgradeSinglePrebuiltRule } from './upgrade_single_prebuilt_rule'; - -export default (context: FtrProviderContext): void => { - const es = context.getService('es'); - const supertest = context.getService('supertest'); - const log = context.getService('log'); - - describe('@ess @serverless @skipInServerlessMKI upgrade prebuilt rules', () => { - beforeEach(async () => { - await deleteAllRules(supertest, log); - await deleteAllPrebuiltRuleAssets(es, log); - }); - - bulkUpgradeAllPrebuiltRules(context); - bulkUpgradeSelectedPrebuiltRules(context); - upgradeSinglePrebuiltRule(context); - }); -}; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/update_prebuilt_rules_package/trial_license_complete_tier/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/update_prebuilt_rules_package/trial_license_complete_tier/configs/ess.config.ts deleted file mode 100644 index 2198f4e6fa0df..0000000000000 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/update_prebuilt_rules_package/trial_license_complete_tier/configs/ess.config.ts +++ /dev/null @@ -1,23 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { FtrConfigProviderContext } from '@kbn/test'; - -export default async function ({ readConfigFile }: FtrConfigProviderContext) { - const functionalConfig = await readConfigFile( - require.resolve('../../../../../../../config/ess/config.base.trial') - ); - - return { - ...functionalConfig.getAll(), - testFiles: [require.resolve('..')], - junit: { - reportName: - 'Rules Management - Update Prebuilt Rules Integration Tests - ESS Env - Trial License', - }, - }; -} diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/update_prebuilt_rules_package/trial_license_complete_tier/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/update_prebuilt_rules_package/trial_license_complete_tier/configs/serverless.config.ts deleted file mode 100644 index 181c938ad734a..0000000000000 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/update_prebuilt_rules_package/trial_license_complete_tier/configs/serverless.config.ts +++ /dev/null @@ -1,16 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { createTestConfig } from '../../../../../../../config/serverless/config.base'; - -export default createTestConfig({ - testFiles: [require.resolve('..')], - junit: { - reportName: - 'Rules Management - Update Prebuilt Rules Integration Tests - Serverless Env - Complete Tier', - }, -}); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action.ts index 904ae2aab9a30..7514a22e13764 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action.ts @@ -1489,67 +1489,6 @@ export default ({ getService }: FtrProviderContext): void => { expect(updatedRule.version).toBe(rule.version + 1); }); - describe('prebuilt rules', () => { - const cases = [ - { - type: BulkActionEditTypeEnum.add_tags, - value: ['new-tag'], - }, - { - type: BulkActionEditTypeEnum.set_tags, - value: ['new-tag'], - }, - { - type: BulkActionEditTypeEnum.delete_tags, - value: ['new-tag'], - }, - { - type: BulkActionEditTypeEnum.add_index_patterns, - value: ['test-*'], - }, - { - type: BulkActionEditTypeEnum.set_index_patterns, - value: ['test-*'], - }, - { - type: BulkActionEditTypeEnum.delete_index_patterns, - value: ['test-*'], - }, - { - type: BulkActionEditTypeEnum.set_timeline, - value: { timeline_id: 'mock-id', timeline_title: 'mock-title' }, - }, - { - type: BulkActionEditTypeEnum.set_schedule, - value: { interval: '1m', lookback: '1m' }, - }, - ]; - cases.forEach(({ type, value }) => { - it(`should NOT return error when trying to apply "${type}" edit action to prebuilt rule`, async () => { - await installMockPrebuiltRules(supertest, es); - const prebuiltRule = await fetchPrebuiltRule(); - - const { body } = await postBulkAction() - .send({ - ids: [prebuiltRule.id], - action: BulkActionTypeEnum.edit, - [BulkActionTypeEnum.edit]: [ - { - type, - value, - }, - ], - }) - .expect(200); - - expect(body).toMatchObject({ - success: true, - rules_count: 1, - }); - }); - }); - }); - describe('rule actions', () => { const webHookActionMock = { group: 'default', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action_dry_run.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action_dry_run.ts index ed1ef1d4ee071..2933c585c0861 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action_dry_run.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action_dry_run.ts @@ -10,12 +10,7 @@ import { BulkActionEditTypeEnum, } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management'; import moment from 'moment'; -import { - getCustomQueryRuleParams, - getSimpleMlRule, - getSimpleRule, - installMockPrebuiltRules, -} from '../../../utils'; +import { getCustomQueryRuleParams, getSimpleMlRule, getSimpleRule } from '../../../utils'; import { createRule, createAlertsIndex, @@ -201,31 +196,6 @@ export default ({ getService }: FtrProviderContext): void => { expect(ruleBody.tags).toEqual(tags); }); - it('should allow prebuilt rules edit', async () => { - await installMockPrebuiltRules(supertest, es); - const { body: findBody } = await securitySolutionApi - .findRules({ query: { per_page: 1, filter: 'alert.attributes.params.immutable: true' } }) - .expect(200); - - const prebuiltRule = findBody.data[0]; - - const { body } = await securitySolutionApi - .performRulesBulkAction({ - query: { dry_run: true }, - body: { - ids: [prebuiltRule.id], - action: BulkActionTypeEnum.edit, - [BulkActionTypeEnum.edit]: [ - { type: BulkActionEditTypeEnum.set_tags, value: ['reset-tag'] }, - ], - }, - }) - .expect(200); - - expect(body).toMatchObject({ success: true }); - expect(body.attributes.summary).toMatchObject({ succeeded: 1, total: 1 }); - }); - describe('validate updating index pattern for machine learning rule', () => { const actions = [ BulkActionEditTypeEnum.add_index_patterns, diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/export_prebuilt_rules_feature_enabled.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/export_prebuilt_rules_feature_enabled.ts deleted file mode 100644 index dd06a1a6ec41b..0000000000000 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/export_prebuilt_rules/feature_enabled/export_prebuilt_rules_feature_enabled.ts +++ /dev/null @@ -1,122 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import expect from 'expect'; -import { BulkActionTypeEnum } from '@kbn/security-solution-plugin/common/api/detection_engine'; -import { FtrProviderContext } from '../../../../../../ftr_provider_context'; -import { - binaryToString, - createPrebuiltRuleAssetSavedObjects, - createRuleAssetSavedObject, - deleteAllPrebuiltRuleAssets, - installPrebuiltRules, -} from '../../../../utils'; -import { deleteAllRules } from '../../../../../../../common/utils/security_solution'; - -export default ({ getService }: FtrProviderContext): void => { - const es = getService('es'); - const securitySolutionApi = getService('securitySolutionApi'); - const supertest = getService('supertest'); - const log = getService('log'); - - describe('@ess @serverless @skipInServerlessMKI Prebuilt rule export', () => { - beforeEach(async () => { - await deleteAllRules(supertest, log); - await deleteAllPrebuiltRuleAssets(es, log); - }); - - it("Export API - exports prebuilt all rules if rule_id's are not specified", async () => { - const ruleId = 'prebuilt-rule-1'; - const ruleAsset = createRuleAssetSavedObject({ rule_id: ruleId, version: 1 }); - await createPrebuiltRuleAssetSavedObjects(es, [ruleAsset]); - await installPrebuiltRules(es, supertest); - - const { body } = await securitySolutionApi - .exportRules({ query: {}, body: null }) - .expect(200) - .parse(binaryToString); - - const [ruleJson, exportDetailsJson] = body.toString().split(/\n/); - - expect(JSON.parse(ruleJson)).toMatchObject({ - rule_id: ruleId, - rule_source: { - type: 'external', - is_customized: false, - }, - }); - - expect(JSON.parse(exportDetailsJson)).toMatchObject({ - exported_rules_count: 1, - missing_rules: [], - }); - }); - - it('Export API - exports specified prebuilt rules', async () => { - const ruleId = 'prebuilt-rule-1'; - const ruleAsset = createRuleAssetSavedObject({ rule_id: ruleId, version: 1 }); - await createPrebuiltRuleAssetSavedObjects(es, [ruleAsset]); - await installPrebuiltRules(es, supertest); - - const { body } = await securitySolutionApi - .exportRules({ - query: {}, - body: { - objects: [{ rule_id: ruleId }], - }, - }) - .expect(200) - .parse(binaryToString); - - const [ruleJson, exportDetailsJson] = body.toString().split(/\n/); - - expect(JSON.parse(ruleJson)).toMatchObject({ - rule_id: ruleId, - rule_source: { - type: 'external', - is_customized: false, - }, - }); - - expect(JSON.parse(exportDetailsJson)).toMatchObject({ - exported_rules_count: 1, - missing_rules: [], - }); - }); - - it('Bulk actions export API - exports prebuilt rules', async () => { - const ruleAsset = createRuleAssetSavedObject({ rule_id: 'prebuilt-rule-1', version: 1 }); - await createPrebuiltRuleAssetSavedObjects(es, [ruleAsset]); - await installPrebuiltRules(es, supertest); - - const findResponse = await securitySolutionApi.findRules({ query: {} }); - const installedRule = findResponse.body.data[0]; - - const { body } = await securitySolutionApi - .performRulesBulkAction({ - query: {}, - body: { action: BulkActionTypeEnum.export, ids: [installedRule.id] }, - }) - .expect(200) - .parse(binaryToString); - - const [ruleJson, exportDetailsJson] = body.toString().split(/\n/); - - expect(JSON.parse(ruleJson)).toMatchObject({ - id: installedRule.id, - rule_source: { - type: 'external', - is_customized: false, - }, - }); - - expect(JSON.parse(exportDetailsJson)).toMatchObject({ - missing_rules: [], - }); - }); - }); -}; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/allowed_importing_customized_prebuilt_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/allowed_importing_customized_prebuilt_rules.ts deleted file mode 100644 index 6f71abc686d1c..0000000000000 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/allowed_importing_customized_prebuilt_rules.ts +++ /dev/null @@ -1,73 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import expect from 'expect'; -import { FtrProviderContext } from '../../../../../../ftr_provider_context'; -import { - createPrebuiltRuleAssetSavedObjects, - createRuleAssetSavedObject, - deleteAllPrebuiltRuleAssets, - getCustomQueryRuleParams, -} from '../../../../utils'; -import { deleteAllRules } from '../../../../../../../common/utils/security_solution'; -import { combineToNdJson } from '../../../../utils/combine_to_ndjson'; - -export default ({ getService }: FtrProviderContext): void => { - const es = getService('es'); - const securitySolutionApi = getService('securitySolutionApi'); - const supertest = getService('supertest'); - const log = getService('log'); - - describe('@ess @serverless @skipInServerlessMKI Prebuilt rule import', () => { - beforeEach(async () => { - await deleteAllRules(supertest, log); - await deleteAllPrebuiltRuleAssets(es, log); - }); - - it(`imports customized prebuilt rules`, async () => { - const ruleId = 'prebuilt-rule-to-be-customized'; - const ruleParams = getCustomQueryRuleParams({ - rule_id: ruleId, - // @ts-expect-error the API supports this param, but we only need it in {@link RuleToImport} - immutable: true, - rule_source: { type: 'external', is_customized: false }, - version: 1, - }); - const ruleAsset = createRuleAssetSavedObject(ruleParams); - - await createPrebuiltRuleAssetSavedObjects(es, [ruleAsset]); - - // Customizing the rule before importing - const ndjson = combineToNdJson({ ...ruleParams, name: 'My customized rule' }); - - const { body } = await securitySolutionApi - .importRules({ query: {} }) - .attach('file', Buffer.from(ndjson), 'rules.ndjson') - .expect(200); - - expect(body).toMatchObject({ - success: true, - errors: [], - }); - - const { body: importedRule } = await securitySolutionApi - .readRule({ - query: { rule_id: ruleId }, - }) - .expect(200); - - expect(importedRule).toMatchObject({ - ...ruleParams, - name: 'My customized rule', - rule_source: { - type: 'external', - is_customized: true, - }, - }); - }); - }); -}; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/configs/ess_enterprise_license.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/configs/ess_enterprise_license.config.ts deleted file mode 100644 index c037f95548a56..0000000000000 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/configs/ess_enterprise_license.config.ts +++ /dev/null @@ -1,25 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { FtrConfigProviderContext } from '@kbn/test'; - -export default async function ({ readConfigFile }: FtrConfigProviderContext) { - const functionalConfig = await readConfigFile( - require.resolve('../../../../../../../config/ess/config.base.trial') - ); - - const testConfig = { - ...functionalConfig.getAll(), - testFiles: [require.resolve('..')], - junit: { - reportName: - 'Rules Management - Rule Import Integration Tests - Importing customized prebuilt rules - Customization enabled - ESS Env', - }, - }; - - return testConfig; -} diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/configs/serverless_complete_tier.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/configs/serverless_complete_tier.config.ts deleted file mode 100644 index 46738a39c1ff1..0000000000000 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/configs/serverless_complete_tier.config.ts +++ /dev/null @@ -1,16 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { createTestConfig } from '../../../../../../../config/serverless/config.base'; - -export default createTestConfig({ - testFiles: [require.resolve('..')], - junit: { - reportName: - 'Rules Management - Rule Import Integration Tests - Importing customized prebuilt rules - Customization disabled - Serverless Env', - }, -}); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/index.ts deleted file mode 100644 index 66752a09e225a..0000000000000 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_customized_prebuilt_rules/feature_enabled/index.ts +++ /dev/null @@ -1,14 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { FtrProviderContext } from '../../../../../../ftr_provider_context'; - -export default function ({ loadTestFile }: FtrProviderContext) { - describe('Rules Management - Rule Import API - Customized prebuilt rules', function () { - loadTestFile(require.resolve('./allowed_importing_customized_prebuilt_rules')); - }); -} diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/allowed_importing_non_customized_prebuilt_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/allowed_importing_non_customized_prebuilt_rules.ts deleted file mode 100644 index 7dd9643cdd18d..0000000000000 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/allowed_importing_non_customized_prebuilt_rules.ts +++ /dev/null @@ -1,65 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import expect from 'expect'; -import { FtrProviderContext } from '../../../../../../ftr_provider_context'; -import { - createPrebuiltRuleAssetSavedObjects, - createRuleAssetSavedObject, - deleteAllPrebuiltRuleAssets, - getCustomQueryRuleParams, -} from '../../../../utils'; -import { deleteAllRules } from '../../../../../../../common/utils/security_solution'; -import { combineToNdJson } from '../../../../utils/combine_to_ndjson'; - -export default ({ getService }: FtrProviderContext): void => { - const es = getService('es'); - const securitySolutionApi = getService('securitySolutionApi'); - const supertest = getService('supertest'); - const log = getService('log'); - - describe('@ess @serverless @skipInServerlessMKI Import - Customization Enabled', () => { - beforeEach(async () => { - await deleteAllRules(supertest, log); - await deleteAllPrebuiltRuleAssets(es, log); - }); - - it(`imports non-customized prebuilt rules`, async () => { - const ruleId = 'prebuilt-rule'; - const ruleParams = getCustomQueryRuleParams({ - rule_id: ruleId, - // @ts-expect-error the API supports this param, but we only need it in {@link RuleToImport} - immutable: true, - rule_source: { type: 'external', is_customized: false }, - version: 1, - }); - const ruleAsset = createRuleAssetSavedObject(ruleParams); - - await createPrebuiltRuleAssetSavedObjects(es, [ruleAsset]); - - const ndjson = combineToNdJson(ruleParams); - - const { body } = await securitySolutionApi - .importRules({ query: {} }) - .attach('file', Buffer.from(ndjson), 'rules.ndjson') - .expect(200); - - expect(body).toMatchObject({ - success: true, - errors: [], - }); - - const { body: importedRule } = await securitySolutionApi - .readRule({ - query: { rule_id: ruleId }, - }) - .expect(200); - - expect(importedRule).toMatchObject(ruleParams); - }); - }); -}; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/configs/ess_basic_license.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/configs/ess_basic_license.config.ts deleted file mode 100644 index c8582fc7c20da..0000000000000 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/configs/ess_basic_license.config.ts +++ /dev/null @@ -1,25 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { FtrConfigProviderContext } from '@kbn/test'; - -export default async function ({ readConfigFile }: FtrConfigProviderContext) { - const functionalConfig = await readConfigFile( - require.resolve('../../../../../../../config/ess/config.base.basic') - ); - - const testConfig = { - ...functionalConfig.getAll(), - testFiles: [require.resolve('..')], - junit: { - reportName: - 'Rules Management - Rule Import Integration Tests - Importing non-customized prebuilt rules - ESS Env', - }, - }; - - return testConfig; -} diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/configs/serverless_essentials_tier.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/configs/serverless_essentials_tier.config.ts deleted file mode 100644 index 8648e1b49387f..0000000000000 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/configs/serverless_essentials_tier.config.ts +++ /dev/null @@ -1,16 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { createTestConfig } from '../../../../../../../config/serverless/config.base.essentials'; - -export default createTestConfig({ - testFiles: [require.resolve('..')], - junit: { - reportName: - 'Rules Management - Rule Import Integration Tests - Importing non-customized prebuilt rules - Serverless Env', - }, -}); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/index.ts deleted file mode 100644 index 22cd4aaeda8cf..0000000000000 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/import_non_customized_prebuilt_rules/feature_enabled/index.ts +++ /dev/null @@ -1,14 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { FtrProviderContext } from '../../../../../../ftr_provider_context'; - -export default function ({ loadTestFile }: FtrProviderContext) { - describe('Rules Management - Rule Import API - Non-customized prebuilt rules', function () { - loadTestFile(require.resolve('./allowed_importing_non_customized_prebuilt_rules')); - }); -} diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/trial_license_complete_tier/import_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/trial_license_complete_tier/import_rules.ts index 1d6db3ca13889..ddab8b48ff240 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/trial_license_complete_tier/import_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/trial_license_complete_tier/import_rules.ts @@ -1646,98 +1646,5 @@ export default ({ getService }: FtrProviderContext): void => { .expect(200); }); }); - - describe('supporting prebuilt rule customization', () => { - describe('compatibility with prebuilt rule fields', () => { - it('accepts rules with "immutable: true"', async () => { - const rule = getCustomQueryRuleParams({ - rule_id: 'rule-immutable', - // @ts-expect-error the API supports this param, but we only need it in {@link RuleToImport} - immutable: true, - }); - const ndjson = combineToNdJson(rule); - - const { body } = await supertest - .post(DETECTION_ENGINE_RULES_IMPORT_URL) - .set('kbn-xsrf', 'true') - .set('elastic-api-version', '2023-10-31') - .attach('file', Buffer.from(ndjson), 'rules.ndjson') - .expect(200); - - expect(body).toMatchObject({ - success: true, - }); - }); - - it('imports custom rules alongside prebuilt rules', async () => { - const ndjson = combineToNdJson( - getCustomQueryRuleParams({ - rule_id: 'rule-immutable', - // @ts-expect-error the API supports the 'immutable' param, but we only need it in {@link RuleToImport} - immutable: true, - }), - // @ts-expect-error the API supports the 'immutable' param, but we only need it in {@link RuleToImport} - getCustomQueryRuleParams({ rule_id: 'custom-rule', immutable: false }) - ); - - const { body } = await supertest - .post(DETECTION_ENGINE_RULES_IMPORT_URL) - .set('kbn-xsrf', 'true') - .set('elastic-api-version', '2023-10-31') - .attach('file', Buffer.from(ndjson), 'rules.ndjson') - .expect(200); - - expect(body).toMatchObject({ - success: true, - success_count: 2, - }); - }); - - it('allows (but ignores) rules with a value for rule_source', async () => { - const rule = getCustomQueryRuleParams({ - rule_id: 'with-rule-source', - // @ts-expect-error the API supports this param, but we only need it in {@link RuleToImport} - rule_source: { - type: 'ignored', - }, - }); - const ndjson = combineToNdJson(rule); - - const { body } = await supertest - .post(DETECTION_ENGINE_RULES_IMPORT_URL) - .set('kbn-xsrf', 'true') - .set('elastic-api-version', '2023-10-31') - .attach('file', Buffer.from(ndjson), 'rules.ndjson') - .expect(200); - - expect(body).toMatchObject({ - success: true, - success_count: 1, - }); - - const importedRule = await fetchRule(supertest, { ruleId: 'with-rule-source' }); - - expect(importedRule.rule_source).toMatchObject({ type: 'internal' }); - }); - - it('rejects rules without a rule_id', async () => { - const rule = getCustomQueryRuleParams({}); - delete rule.rule_id; - const ndjson = combineToNdJson(rule); - - const { body } = await supertest - .post(DETECTION_ENGINE_RULES_IMPORT_URL) - .set('kbn-xsrf', 'true') - .set('elastic-api-version', '2023-10-31') - .attach('file', Buffer.from(ndjson), 'rules.ndjson') - .expect(200); - - expect(body.errors).toHaveLength(1); - expect(body.errors[0]).toMatchObject({ - error: { message: 'rule_id: Required', status_code: 400 }, - }); - }); - }); - }); }); }; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_management/trial_license_complete_tier/get_rule_management_filters.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_management/trial_license_complete_tier/get_rule_management_filters.ts index 0c7b47e9cf5cc..a69c848da282c 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_management/trial_license_complete_tier/get_rule_management_filters.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_management/trial_license_complete_tier/get_rule_management_filters.ts @@ -116,7 +116,12 @@ export default ({ getService }: FtrProviderContext): void => { .send() .expect(200); - expect(body.aggregated_fields.tags).to.eql(['test-tag-1', 'test-tag-2', 'test-tag-3']); + expect(body.aggregated_fields.tags).to.eql([ + 'test-tag', + 'test-tag-1', + 'test-tag-2', + 'test-tag-3', + ]); }); }); }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/prebuilt_rules/create_prebuilt_rule_saved_objects.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/prebuilt_rules/create_prebuilt_rule_saved_objects.ts index 8780bf2b49353..c8d9dd71cd373 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/prebuilt_rules/create_prebuilt_rule_saved_objects.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/prebuilt_rules/create_prebuilt_rule_saved_objects.ts @@ -53,16 +53,16 @@ export const SAMPLE_PREBUILT_RULES = [ createRuleAssetSavedObject({ ...getPrebuiltRuleWithExceptionsMock(), rule_id: ELASTIC_SECURITY_RULE_ID, - tags: ['test-tag-1'], + tags: ['test-tag', 'test-tag-1'], enabled: true, }), createRuleAssetSavedObject({ rule_id: '000047bb-b27a-47ec-8b62-ef1a5d2c9e19', - tags: ['test-tag-2'], + tags: ['test-tag', 'test-tag-2'], }), createRuleAssetSavedObject({ rule_id: '00140285-b827-4aee-aa09-8113f58a08f3', - tags: ['test-tag-3'], + tags: ['test-tag', 'test-tag-3'], }), ];