diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 1e41b6f84d5c2..3b18e25a989f8 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -841,6 +841,7 @@ x-pack/solutions/security/plugins/security_solution @elastic/security-solution x-pack/solutions/security/plugins/security_solution_serverless @elastic/security-solution x-pack/solutions/security/packages/side-nav @elastic/security-threat-hunting-investigations x-pack/solutions/security/packages/storybook/config @elastic/security-threat-hunting-investigations +x-pack/solutions/security/packages/test-api-clients @elastic/security-detection-rule-management x-pack/solutions/security/packages/upselling @elastic/security-threat-hunting-investigations x-pack/test/security_functional/plugins/test_endpoints @elastic/kibana-security x-pack/platform/packages/private/security/ui_components @elastic/kibana-security diff --git a/package.json b/package.json index c5d0c336469f4..49328bd0fa080 100644 --- a/package.json +++ b/package.json @@ -844,6 +844,7 @@ "@kbn/security-solution-serverless": "link:x-pack/solutions/security/plugins/security_solution_serverless", "@kbn/security-solution-side-nav": "link:x-pack/solutions/security/packages/side-nav", "@kbn/security-solution-storybook-config": "link:x-pack/solutions/security/packages/storybook/config", + "@kbn/security-solution-test-api-clients": "link:x-pack/solutions/security/packages/test-api-clients", "@kbn/security-solution-upselling": "link:x-pack/solutions/security/packages/upselling", "@kbn/security-test-endpoints-plugin": "link:x-pack/test/security_functional/plugins/test_endpoints", "@kbn/security-ui-components": "link:x-pack/platform/packages/private/security/ui_components", diff --git a/src/platform/packages/shared/kbn-openapi-generator/src/template_service/templates/api_client_supertest.handlebars b/src/platform/packages/shared/kbn-openapi-generator/src/template_service/templates/api_client_supertest.handlebars index 330df21d191c4..d9e9037cbe92b 100644 --- a/src/platform/packages/shared/kbn-openapi-generator/src/template_service/templates/api_client_supertest.handlebars +++ b/src/platform/packages/shared/kbn-openapi-generator/src/template_service/templates/api_client_supertest.handlebars @@ -7,20 +7,22 @@ {{> disclaimer}} +/* eslint-disable @typescript-eslint/no-duplicate-imports */ + import { ELASTIC_HTTP_VERSION_HEADER, X_ELASTIC_INTERNAL_ORIGIN_REQUEST } from '@kbn/core-http-common'; import { replaceParams } from '@kbn/openapi-common/shared'; -import { FtrProviderContext } from 'x-pack/test/api_integration/ftr_provider_context'; - -import { routeWithNamespace } from 'x-pack/test/common/utils/security_solution'; {{#each operations}} -import { +import type { {{operationId}}RequestQueryInput, {{operationId}}RequestParamsInput, {{operationId}}RequestBodyInput } from '{{replace sourcePath 'schema.yaml' 'gen'}}'; {{/each}} +import type { FtrProviderContext } from '@kbn/ftr-common-functional-services'; +import { getRouteUrlForSpace } from '@kbn/spaces-plugin/common'; + export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) { const supertest = getService('supertest'); @@ -33,14 +35,14 @@ export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) {{/if}} {{camelCase operationId}}({{#if (or requestQuery requestParams requestBody)}}props: {{operationId}}Props, {{/if}}kibanaSpace: string = 'default') { return supertest - .{{method}}(routeWithNamespace({{#if requestParams}}replaceParams('{{path}}', props.params){{else}}'{{path}}'{{/if}}, kibanaSpace)) + .{{method}}(getRouteUrlForSpace({{#if requestParams}}replaceParams('{{path}}', props.params){{else}}'{{path}}'{{/if}}, kibanaSpace)) .set('kbn-xsrf', 'true') .set(ELASTIC_HTTP_VERSION_HEADER, '{{version}}') .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') {{~#if requestBody}}.send(props.body as object){{/if}} {{~#if requestQuery}}.query(props.query){{/if}} }, - {{/each}} + {{/each}} } } diff --git a/tsconfig.base.json b/tsconfig.base.json index d7b7151bc5c4c..6b6a457a95bbd 100644 --- a/tsconfig.base.json +++ b/tsconfig.base.json @@ -1676,6 +1676,8 @@ "@kbn/security-solution-side-nav/*": ["x-pack/solutions/security/packages/side-nav/*"], "@kbn/security-solution-storybook-config": ["x-pack/solutions/security/packages/storybook/config"], "@kbn/security-solution-storybook-config/*": ["x-pack/solutions/security/packages/storybook/config/*"], + "@kbn/security-solution-test-api-clients": ["x-pack/solutions/security/packages/test-api-clients"], + "@kbn/security-solution-test-api-clients/*": ["x-pack/solutions/security/packages/test-api-clients/*"], "@kbn/security-solution-upselling": ["x-pack/solutions/security/packages/upselling"], "@kbn/security-solution-upselling/*": ["x-pack/solutions/security/packages/upselling/*"], "@kbn/security-test-endpoints-plugin": ["x-pack/test/security_functional/plugins/test_endpoints"], diff --git a/x-pack/platform/plugins/shared/osquery/scripts/openapi/generate.js b/x-pack/platform/plugins/shared/osquery/scripts/openapi/generate.js index 0aec6d9a93fae..a5930d4d6da74 100644 --- a/x-pack/platform/plugins/shared/osquery/scripts/openapi/generate.js +++ b/x-pack/platform/plugins/shared/osquery/scripts/openapi/generate.js @@ -32,7 +32,7 @@ const OSQUERY_ROOT = resolve(__dirname, '../..'); bundle: { outFile: join( REPO_ROOT, - 'x-pack/test/api_integration/services/security_solution_osquery_api.gen.ts' + 'x-pack/solutions/security/packages/test-api-clients/supertest/osquery.gen.ts' ), }, }); diff --git a/x-pack/platform/plugins/shared/spaces/common/get_spaced_route_url.ts b/x-pack/platform/plugins/shared/spaces/common/get_spaced_route_url.ts new file mode 100644 index 0000000000000..ed7751506536c --- /dev/null +++ b/x-pack/platform/plugins/shared/spaces/common/get_spaced_route_url.ts @@ -0,0 +1,22 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +/** + * Wraps the provided Kibana route URL with the Kibana space ID. + * "default" space is equivalent to an empty value and doesn't lead to adding any space aware path. + * + * @param routeUrl the route url string + * @param spaceId [optional] the Kibana space to account for in the route url + * + * Examples: + * - `getRouteUrlForSpace('/api/some_endpoint')` returns `/api/some_endpoint` + * - `getRouteUrlForSpace('/api/some_endpoint', 'default')` returns `/api/some_endpoint` + * - `getRouteUrlForSpace('/api/some_endpoint', 'my_space') returns `/s/my_space/api/some_endpoint` + */ +export function getRouteUrlForSpace(routeUrl: string, spaceId?: string): string { + return spaceId ? `/s/${spaceId}${routeUrl}` : routeUrl; +} diff --git a/x-pack/platform/plugins/shared/spaces/common/index.ts b/x-pack/platform/plugins/shared/spaces/common/index.ts index 21fee91bf979d..6edce26407443 100644 --- a/x-pack/platform/plugins/shared/spaces/common/index.ts +++ b/x-pack/platform/plugins/shared/spaces/common/index.ts @@ -13,6 +13,7 @@ export { DEFAULT_SPACE_ID, API_VERSIONS, } from './constants'; +export { getRouteUrlForSpace } from './get_spaced_route_url'; export { addSpaceIdToPath, getSpaceIdFromPath } from './lib/spaces_url_parser'; export type { Space, diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-endpoint-exceptions-common/scripts/openapi_generate.js b/x-pack/solutions/security/packages/kbn-securitysolution-endpoint-exceptions-common/scripts/openapi_generate.js index 9a303c4f74bef..487d3ce16e6f8 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-endpoint-exceptions-common/scripts/openapi_generate.js +++ b/x-pack/solutions/security/packages/kbn-securitysolution-endpoint-exceptions-common/scripts/openapi_generate.js @@ -30,7 +30,7 @@ const ROOT = resolve(__dirname, '..'); bundle: { outFile: join( REPO_ROOT, - 'x-pack/test/api_integration/services/security_solution_endpoint_exceptions_api.gen.ts' + 'x-pack/solutions/security/packages/test-api-clients/supertest/endpoint_exceptions.gen.ts' ), }, }); diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/scripts/openapi_generate.js b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/scripts/openapi_generate.js index 92488001b0b3a..03568252a7ec6 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/scripts/openapi_generate.js +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exceptions-common/scripts/openapi_generate.js @@ -30,7 +30,7 @@ const ROOT = resolve(__dirname, '..'); bundle: { outFile: join( REPO_ROOT, - 'x-pack/test/api_integration/services/security_solution_exceptions_api.gen.ts' + 'x-pack/solutions/security/packages/test-api-clients/supertest/exceptions.gen.ts' ), }, }); diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-lists-common/scripts/openapi_generate.js b/x-pack/solutions/security/packages/kbn-securitysolution-lists-common/scripts/openapi_generate.js index ecda1a791e1fc..f7f69c9f06a63 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-lists-common/scripts/openapi_generate.js +++ b/x-pack/solutions/security/packages/kbn-securitysolution-lists-common/scripts/openapi_generate.js @@ -30,7 +30,7 @@ const ROOT = resolve(__dirname, '..'); bundle: { outFile: join( REPO_ROOT, - 'x-pack/test/api_integration/services/security_solution_lists_api.gen.ts' + 'x-pack/solutions/security/packages/test-api-clients/supertest/lists.gen.ts' ), }, }); diff --git a/x-pack/solutions/security/packages/test-api-clients/README.md b/x-pack/solutions/security/packages/test-api-clients/README.md new file mode 100644 index 0000000000000..b5e4e6c637c53 --- /dev/null +++ b/x-pack/solutions/security/packages/test-api-clients/README.md @@ -0,0 +1,27 @@ +# @kbn/security-solution-test-api-clients + +Auto-generated API clients for Security Solution testing. + +This package contains Supertest API clients generated from OpenAPI schemas for use in Security Solution integration tests. + +## Usage example + +Add a service to your test services configuration +```typescript +import { SecuritySolutionApiProvider } from '@kbn/security-solution-test-api-clients/supertest/detections.gen'; + +export const services = { + detectionsApi: SecuritySolutionApiProvider, + // ... other services +}; +``` + +Then use the service in your test +```typescript +export default ({ getService }: FtrProviderContext): void => { + const detectionsApi = getService('detectionsApi'); + + // ... + + detectionsApi.findRules({ query: {} }).expect(200); +``` diff --git a/x-pack/solutions/security/packages/test-api-clients/kibana.jsonc b/x-pack/solutions/security/packages/test-api-clients/kibana.jsonc new file mode 100644 index 0000000000000..982132fc2392d --- /dev/null +++ b/x-pack/solutions/security/packages/test-api-clients/kibana.jsonc @@ -0,0 +1,9 @@ +{ + "id": "@kbn/security-solution-test-api-clients", + "type": "shared-common", + "owner": [ + "@elastic/security-detection-rule-management" + ], + "group": "security", + "visibility": "private" +} \ No newline at end of file diff --git a/x-pack/solutions/security/packages/test-api-clients/package.json b/x-pack/solutions/security/packages/test-api-clients/package.json new file mode 100644 index 0000000000000..69a171c7e01f1 --- /dev/null +++ b/x-pack/solutions/security/packages/test-api-clients/package.json @@ -0,0 +1,7 @@ +{ + "name": "@kbn/security-solution-test-api-clients", + "description": "Security Solution API clients for testing", + "private": true, + "version": "1.0.0", + "license": "Elastic License 2.0" +} diff --git a/x-pack/solutions/security/packages/test-api-clients/supertest/detections.gen.ts b/x-pack/solutions/security/packages/test-api-clients/supertest/detections.gen.ts new file mode 100644 index 0000000000000..3c6dfbb3f04c7 --- /dev/null +++ b/x-pack/solutions/security/packages/test-api-clients/supertest/detections.gen.ts @@ -0,0 +1,714 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +/* + * NOTICE: Do not edit this file manually. + * This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator. + * + * info: + * title: Detections API client for tests + * version: Bundle (no version) + */ + +/* eslint-disable @typescript-eslint/no-duplicate-imports */ + +import { + ELASTIC_HTTP_VERSION_HEADER, + X_ELASTIC_INTERNAL_ORIGIN_REQUEST, +} from '@kbn/core-http-common'; +import { replaceParams } from '@kbn/openapi-common/shared'; + +import type { AlertsMigrationCleanupRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/signals_migration/delete_signals_migration/delete_signals_migration.gen'; +import type { BulkCreateRulesRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/bulk_crud/bulk_create_rules/bulk_create_rules_route.gen'; +import type { BulkDeleteRulesRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/bulk_crud/bulk_delete_rules/bulk_delete_rules_route.gen'; +import type { BulkDeleteRulesPostRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/bulk_crud/bulk_delete_rules/bulk_delete_rules_route.gen'; +import type { BulkPatchRulesRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/bulk_crud/bulk_patch_rules/bulk_patch_rules_route.gen'; +import type { BulkUpdateRulesRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/bulk_crud/bulk_update_rules/bulk_update_rules_route.gen'; +import type { CreateAlertsMigrationRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/signals_migration/create_signals_migration/create_signals_migration.gen'; +import type { CreateRuleRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/crud/create_rule/create_rule_route.gen'; +import type { DeleteRuleRequestQueryInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/crud/delete_rule/delete_rule_route.gen'; +import type { + ExportRulesRequestQueryInput, + ExportRulesRequestBodyInput, +} from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/export_rules/export_rules_route.gen'; +import type { FinalizeAlertsMigrationRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/signals_migration/finalize_signals_migration/finalize_signals_migration.gen'; +import type { FindRulesRequestQueryInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/find_rules/find_rules_route.gen'; +import type { + GetRuleExecutionEventsRequestQueryInput, + GetRuleExecutionEventsRequestParamsInput, +} from '@kbn/security-solution-plugin/common/api/detection_engine/rule_monitoring/rule_execution_logs/get_rule_execution_events/get_rule_execution_events_route.gen'; +import type { + GetRuleExecutionResultsRequestQueryInput, + GetRuleExecutionResultsRequestParamsInput, +} from '@kbn/security-solution-plugin/common/api/detection_engine/rule_monitoring/rule_execution_logs/get_rule_execution_results/get_rule_execution_results_route.gen'; +import type { ImportRulesRequestQueryInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/import_rules/import_rules_route.gen'; +import type { PatchRuleRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/crud/patch_rule/patch_rule_route.gen'; +import type { + PerformRulesBulkActionRequestQueryInput, + PerformRulesBulkActionRequestBodyInput, +} from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/bulk_actions/bulk_actions_route.gen'; +import type { ReadAlertsMigrationStatusRequestQueryInput } from '@kbn/security-solution-plugin/common/api/detection_engine/signals_migration/read_signals_migration_status/read_signals_migration_status.gen'; +import type { ReadRuleRequestQueryInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/crud/read_rule/read_rule_route.gen'; +import type { + RulePreviewRequestQueryInput, + RulePreviewRequestBodyInput, +} from '@kbn/security-solution-plugin/common/api/detection_engine/rule_preview/rule_preview.gen'; +import type { SearchAlertsRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/signals/query_signals/query_signals_route.gen'; +import type { SetAlertAssigneesRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/alert_assignees/set_alert_assignees_route.gen'; +import type { SetAlertsStatusRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/signals/set_signal_status/set_signals_status_route.gen'; +import type { SetAlertTagsRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/alert_tags/set_alert_tags/set_alert_tags.gen'; +import type { SuggestUserProfilesRequestQueryInput } from '@kbn/security-solution-plugin/common/api/detection_engine/users/suggest_user_profiles_route.gen'; +import type { UpdateRuleRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/crud/update_rule/update_rule_route.gen'; + +import type { FtrProviderContext } from '@kbn/ftr-common-functional-services'; +import { getRouteUrlForSpace } from '@kbn/spaces-plugin/common'; + +export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) { + const supertest = getService('supertest'); + + return { + /** + * Migrations favor data integrity over shard size. Consequently, unused or orphaned indices are artifacts of +the migration process. A successful migration will result in both the old and new indices being present. +As such, the old, orphaned index can (and likely should) be deleted. + +While you can delete these indices manually, +the endpoint accomplishes this task by applying a deletion policy to the relevant index, causing it to be deleted +after 30 days. It also deletes other artifacts specific to the migration implementation. + + */ + alertsMigrationCleanup(props: AlertsMigrationCleanupProps, kibanaSpace: string = 'default') { + return supertest + .delete(getRouteUrlForSpace('/api/detection_engine/signals/migration', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Ensures that the packages needed for prebuilt detection rules to work are installed and up to date + */ + bootstrapPrebuiltRules(kibanaSpace: string = 'default') { + return supertest + .post( + getRouteUrlForSpace('/internal/detection_engine/prebuilt_rules/_bootstrap', kibanaSpace) + ) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '1') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + /** + * Create new detection rules in bulk. +> warn +> This API is deprecated and will be removed in Kibana v9.0. + +> warn +> When used with [API key](https://www.elastic.co/guide/en/kibana/current/api-keys.html) authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running. + +> If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change. + + */ + bulkCreateRules(props: BulkCreateRulesProps, kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/api/detection_engine/rules/_bulk_create', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Delete detection rules in bulk. +> warn +> This API is deprecated and will be removed in Kibana v9.0. + + */ + bulkDeleteRules(props: BulkDeleteRulesProps, kibanaSpace: string = 'default') { + return supertest + .delete(getRouteUrlForSpace('/api/detection_engine/rules/_bulk_delete', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Delete detection rules in bulk. +> warn +> This API is deprecated and will be removed in Kibana v9.0. + + */ + bulkDeleteRulesPost(props: BulkDeleteRulesPostProps, kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/api/detection_engine/rules/_bulk_delete', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Update specific fields of existing detection rules using the `rule_id` or `id` field. +> warn +> This API is deprecated and will be removed in Kibana v9.0. + +> warn +> When used with [API key](https://www.elastic.co/guide/en/kibana/current/api-keys.html) authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running. + +> If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change. + + */ + bulkPatchRules(props: BulkPatchRulesProps, kibanaSpace: string = 'default') { + return supertest + .patch(getRouteUrlForSpace('/api/detection_engine/rules/_bulk_update', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Update multiple detection rules using the `rule_id` or `id` field. The original rules are replaced, and all unspecified fields are deleted. +> warn +> This API is deprecated and will be removed in Kibana v9.0. + +> warn +> When used with [API key](https://www.elastic.co/guide/en/kibana/current/api-keys.html) authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running. + +> If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change. + + */ + bulkUpdateRules(props: BulkUpdateRulesProps, kibanaSpace: string = 'default') { + return supertest + .put(getRouteUrlForSpace('/api/detection_engine/rules/_bulk_update', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + createAlertsIndex(kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/api/detection_engine/index', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + /** + * Initiate a migration of detection alerts. +Migrations are initiated per index. While the process is neither destructive nor interferes with existing data, it may be resource-intensive. As such, it is recommended that you plan your migrations accordingly. + + */ + createAlertsMigration(props: CreateAlertsMigrationProps, kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/api/detection_engine/signals/migration', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Create a new detection rule. +> warn +> When used with [API key](https://www.elastic.co/guide/en/kibana/current/api-keys.html) authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running. + +> If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change. + +You can create the following types of rules: + +* **Custom query**: Searches the defined indices and creates an alert when a document matches the rule's KQL query. +* **Event correlation**: Searches the defined indices and creates an alert when results match an [Event Query Language (EQL)](https://www.elastic.co/guide/en/elasticsearch/reference/current/eql.html) query. +* **Threshold**: Searches the defined indices and creates an alert when the number of times the specified field's value meets the threshold during a single execution. When there are multiple values that meet the threshold, an alert is generated for each value. + For example, if the threshold `field` is `source.ip` and its `value` is `10`, an alert is generated for every source IP address that appears in at least 10 of the rule's search results. If you're interested, see [Terms Aggregation](https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-bucket-terms-aggregation.html) for more information. +* **Indicator match**: Creates an alert when fields match values defined in the specified [Elasticsearch index](https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-create-index.html). For example, you can create an index for IP addresses and use this index to create an alert whenever an event's `destination.ip` equals a value in the index. The index's field mappings should be [ECS-compliant](https://www.elastic.co/guide/en/ecs/current/ecs-reference.html). +* **New terms**: Generates an alert for each new term detected in source documents within a specified time range. +* **ES|QL**: Uses [Elasticsearch Query Language (ES|QL)](https://www.elastic.co/guide/en/elasticsearch/reference/current/esql.html) to find events and aggregate search results. +* **Machine learning rules**: Creates an alert when a machine learning job discovers an anomaly above the defined threshold. +> info +> To create machine learning rules, you must have the [appropriate license](https://www.elastic.co/subscriptions) or use a [cloud deployment](https://cloud.elastic.co/registration). Additionally, for the machine learning rule to function correctly, the associated machine learning job must be running. + +To retrieve machine learning job IDs, which are required to create machine learning jobs, call the [Elasticsearch Get jobs API](https://www.elastic.co/guide/en/elasticsearch/reference/current/ml-get-job.html). Machine learning jobs that contain `siem` in the `groups` field can be used to create rules: + +```json +... +"job_id": "linux_anomalous_network_activity_ecs", +"job_type": "anomaly_detector", +"job_version": "7.7.0", +"groups": [ + "auditbeat", + "process", + "siem" +], +... +``` + +Additionally, you can set up notifications for when rules create alerts. The notifications use the [Alerting and Actions framework](https://www.elastic.co/guide/en/kibana/current/alerting-getting-started.html). Each action type requires a connector. Connectors store the information required to send notifications via external systems. The following connector types are supported for rule notifications: + +* Slack +* Email +* PagerDuty +* Webhook +* Microsoft Teams +* IBM Resilient +* Jira +* ServiceNow ITSM +> info +> For more information on PagerDuty fields, see [Send a v2 Event](https://developer.pagerduty.com/docs/events-api-v2/trigger-events/). + +To retrieve connector IDs, which are required to configure rule notifications, call the [Find objects API](https://www.elastic.co/guide/en/kibana/current/saved-objects-api-find.html) with `"type": "action"` in the request payload. + +For detailed information on Kibana actions and alerting, and additional API calls, see: + +* [Alerting API](https://www.elastic.co/docs/api/doc/kibana/group/endpoint-alerting) +* [Alerting and Actions framework](https://www.elastic.co/guide/en/kibana/current/alerting-getting-started.html) +* [Connectors API](https://www.elastic.co/docs/api/doc/kibana/group/endpoint-connectors) + + */ + createRule(props: CreateRuleProps, kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/api/detection_engine/rules', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + deleteAlertsIndex(kibanaSpace: string = 'default') { + return supertest + .delete(getRouteUrlForSpace('/api/detection_engine/index', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + /** + * Delete a detection rule using the `rule_id` or `id` field. + +The URL query must include one of the following: + +* `id` - `DELETE /api/detection_engine/rules?id=` +* `rule_id`- `DELETE /api/detection_engine/rules?rule_id=` + +The difference between the `id` and `rule_id` is that the `id` is a unique rule identifier that is randomly generated when a rule is created and cannot be set, whereas `rule_id` is a stable rule identifier that can be assigned during rule creation. + + */ + deleteRule(props: DeleteRuleProps, kibanaSpace: string = 'default') { + return supertest + .delete(getRouteUrlForSpace('/api/detection_engine/rules', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .query(props.query); + }, + /** + * Export detection rules to an `.ndjson` file. The following configuration items are also included in the `.ndjson` file: +- Actions +- Exception lists +> info +> Rule actions and connectors are included in the exported file, but sensitive information about the connector (such as authentication credentials) is not included. You must re-add missing connector details after importing detection rules. + +> You can use Kibana’s [Saved Objects](https://www.elastic.co/guide/en/kibana/current/managing-saved-objects.html) UI (Stack Management → Kibana → Saved Objects) or the Saved Objects APIs (experimental) to [export](https://www.elastic.co/docs/api/doc/kibana/operation/operation-exportsavedobjectsdefault) and [import](https://www.elastic.co/docs/api/doc/kibana/operation/operation-importsavedobjectsdefault) any necessary connectors before importing detection rules. + +> Similarly, any value lists used for rule exceptions are not included in rule exports or imports. Use the [Manage value lists](https://www.elastic.co/guide/en/security/current/value-lists-exceptions.html#manage-value-lists) UI (Rules → Detection rules (SIEM) → Manage value lists) to export and import value lists separately. + + */ + exportRules(props: ExportRulesProps, kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/api/detection_engine/rules/_export', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object) + .query(props.query); + }, + /** + * Finalize successful migrations of detection alerts. This replaces the original index's alias with the successfully migrated index's alias. +The endpoint is idempotent; therefore, it can safely be used to poll a given migration and, upon completion, +finalize it. + + */ + finalizeAlertsMigration(props: FinalizeAlertsMigrationProps, kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/api/detection_engine/signals/finalize_migration', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Retrieve a paginated list of detection rules. By default, the first page is returned, with 20 results per page. + */ + findRules(props: FindRulesProps, kibanaSpace: string = 'default') { + return supertest + .get(getRouteUrlForSpace('/api/detection_engine/rules/_find', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .query(props.query); + }, + getRuleExecutionEvents(props: GetRuleExecutionEventsProps, kibanaSpace: string = 'default') { + return supertest + .put( + getRouteUrlForSpace( + replaceParams( + '/internal/detection_engine/rules/{ruleId}/execution/events', + props.params + ), + kibanaSpace + ) + ) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '1') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .query(props.query); + }, + getRuleExecutionResults(props: GetRuleExecutionResultsProps, kibanaSpace: string = 'default') { + return supertest + .put( + getRouteUrlForSpace( + replaceParams( + '/internal/detection_engine/rules/{ruleId}/execution/results', + props.params + ), + kibanaSpace + ) + ) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '1') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .query(props.query); + }, + /** + * Import detection rules from an `.ndjson` file, including actions and exception lists. The request must include: +- The `Content-Type: multipart/form-data` HTTP header. +- A link to the `.ndjson` file containing the rules. +> warn +> When used with [API key](https://www.elastic.co/guide/en/kibana/current/api-keys.html) authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running. + +> If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change. +> info +> To import rules with actions, you need at least Read privileges for the Action and Connectors feature. To overwrite or add new connectors, you need All privileges for the Actions and Connectors feature. To import rules without actions, you don’t need Actions and Connectors privileges. Refer to [Enable and access detections](https://www.elastic.co/guide/en/security/current/detections-permissions-section.html#enable-detections-ui) for more information. + +> info +> Rule actions and connectors are included in the exported file, but sensitive information about the connector (such as authentication credentials) is not included. You must re-add missing connector details after importing detection rules. + +> You can use Kibana’s [Saved Objects](https://www.elastic.co/guide/en/kibana/current/managing-saved-objects.html) UI (Stack Management → Kibana → Saved Objects) or the Saved Objects APIs (experimental) to [export](https://www.elastic.co/docs/api/doc/kibana/operation/operation-exportsavedobjectsdefault) and [import](https://www.elastic.co/docs/api/doc/kibana/operation/operation-importsavedobjectsdefault) any necessary connectors before importing detection rules. + +> Similarly, any value lists used for rule exceptions are not included in rule exports or imports. Use the [Manage value lists](https://www.elastic.co/guide/en/security/current/value-lists-exceptions.html#manage-value-lists) UI (Rules → Detection rules (SIEM) → Manage value lists) to export and import value lists separately. + + */ + importRules(props: ImportRulesProps, kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/api/detection_engine/rules/_import', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .query(props.query); + }, + /** + * Install and update all Elastic prebuilt detection rules and Timelines. + +This endpoint allows you to install and update prebuilt detection rules and Timelines provided by Elastic. +When you call this endpoint, it will: +- Install any new prebuilt detection rules that are not currently installed in your system. +- Update any existing prebuilt detection rules that have been modified or improved by Elastic. +- Install any new prebuilt Timelines that are not currently installed in your system. +- Update any existing prebuilt Timelines that have been modified or improved by Elastic. + +This ensures that your detection engine is always up-to-date with the latest rules and Timelines, +providing you with the most current and effective threat detection capabilities. + + */ + installPrebuiltRulesAndTimelines(kibanaSpace: string = 'default') { + return supertest + .put(getRouteUrlForSpace('/api/detection_engine/rules/prepackaged', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + /** + * Update specific fields of an existing detection rule using the `rule_id` or `id` field. + +The difference between the `id` and `rule_id` is that the `id` is a unique rule identifier that is randomly generated when a rule is created and cannot be set, whereas `rule_id` is a stable rule identifier that can be assigned during rule creation. +> warn +> When used with [API key](https://www.elastic.co/guide/en/kibana/current/api-keys.html) authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running. + +> If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change. + + */ + patchRule(props: PatchRuleProps, kibanaSpace: string = 'default') { + return supertest + .patch(getRouteUrlForSpace('/api/detection_engine/rules', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Apply a bulk action, such as bulk edit, duplicate, or delete, to multiple detection rules. The bulk action is applied to all rules that match the query or to the rules listed by their IDs. + +The edit action allows you to add, delete, or set tags, index patterns, investigation fields, rule actions and schedules for multiple rules at once. +The edit action is idempotent, meaning that if you add a tag to a rule that already has that tag, no changes are made. The same is true for other edit actions, for example removing an index pattern that is not specified in a rule will not result in any changes. The only exception is the `add_rule_actions` and `set_rule_actions` action, which is non-idempotent. This means that if you add or set a rule action to a rule that already has that action, a new action is created with a new unique ID. +> warn +> When used with [API key](https://www.elastic.co/guide/en/kibana/current/api-keys.html) authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running. + +> If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change. + + */ + performRulesBulkAction(props: PerformRulesBulkActionProps, kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/api/detection_engine/rules/_bulk_action', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object) + .query(props.query); + }, + readAlertsIndex(kibanaSpace: string = 'default') { + return supertest + .get(getRouteUrlForSpace('/api/detection_engine/index', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + /** + * Retrieve indices that contain detection alerts of a particular age, along with migration information for each of those indices. + */ + readAlertsMigrationStatus( + props: ReadAlertsMigrationStatusProps, + kibanaSpace: string = 'default' + ) { + return supertest + .get(getRouteUrlForSpace('/api/detection_engine/signals/migration_status', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .query(props.query); + }, + /** + * Retrieve the status of all Elastic prebuilt detection rules and Timelines. + +This endpoint provides detailed information about the number of custom rules, installed prebuilt rules, available prebuilt rules that are not installed, outdated prebuilt rules, installed prebuilt timelines, available prebuilt timelines that are not installed, and outdated prebuilt timelines. + + */ + readPrebuiltRulesAndTimelinesStatus(kibanaSpace: string = 'default') { + return supertest + .get(getRouteUrlForSpace('/api/detection_engine/rules/prepackaged/_status', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + /** + * Retrieves whether or not the user is authenticated, and the user's Kibana +space and index privileges, which determine if the user can create an +index for the Elastic Security alerts generated by +detection engine rules. + + */ + readPrivileges(kibanaSpace: string = 'default') { + return supertest + .get(getRouteUrlForSpace('/api/detection_engine/privileges', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + /** + * Retrieve a detection rule using the `rule_id` or `id` field. + +The URL query must include one of the following: + +* `id` - `GET /api/detection_engine/rules?id=` +* `rule_id` - `GET /api/detection_engine/rules?rule_id=` + +The difference between the `id` and `rule_id` is that the `id` is a unique rule identifier that is randomly generated when a rule is created and cannot be set, whereas `rule_id` is a stable rule identifier that can be assigned during rule creation. + + */ + readRule(props: ReadRuleProps, kibanaSpace: string = 'default') { + return supertest + .get(getRouteUrlForSpace('/api/detection_engine/rules', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .query(props.query); + }, + /** + * List all unique tags from all detection rules. + */ + readTags(kibanaSpace: string = 'default') { + return supertest + .get(getRouteUrlForSpace('/api/detection_engine/tags', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + rulePreview(props: RulePreviewProps, kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/api/detection_engine/rules/preview', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object) + .query(props.query); + }, + /** + * Find and/or aggregate detection alerts that match the given query. + */ + searchAlerts(props: SearchAlertsProps, kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/api/detection_engine/signals/search', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Assign users to detection alerts, and unassign them from alerts. +> info +> You cannot add and remove the same assignee in the same request. + + */ + setAlertAssignees(props: SetAlertAssigneesProps, kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/api/detection_engine/signals/assignees', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Set the status of one or more detection alerts. + */ + setAlertsStatus(props: SetAlertsStatusProps, kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/api/detection_engine/signals/status', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * And tags to detection alerts, and remove them from alerts. +> info +> You cannot add and remove the same alert tag in the same request. + + */ + setAlertTags(props: SetAlertTagsProps, kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/api/detection_engine/signals/tags', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Suggests user profiles. + */ + suggestUserProfiles(props: SuggestUserProfilesProps, kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/internal/detection_engine/users/_find', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '1') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .query(props.query); + }, + /** + * Update a detection rule using the `rule_id` or `id` field. The original rule is replaced, and all unspecified fields are deleted. + +The difference between the `id` and `rule_id` is that the `id` is a unique rule identifier that is randomly generated when a rule is created and cannot be set, whereas `rule_id` is a stable rule identifier that can be assigned during rule creation. +> warn +> When used with [API key](https://www.elastic.co/guide/en/kibana/current/api-keys.html) authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running. + +> If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change. + + */ + updateRule(props: UpdateRuleProps, kibanaSpace: string = 'default') { + return supertest + .put(getRouteUrlForSpace('/api/detection_engine/rules', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + }; +} + +export interface AlertsMigrationCleanupProps { + body: AlertsMigrationCleanupRequestBodyInput; +} +export interface BulkCreateRulesProps { + body: BulkCreateRulesRequestBodyInput; +} +export interface BulkDeleteRulesProps { + body: BulkDeleteRulesRequestBodyInput; +} +export interface BulkDeleteRulesPostProps { + body: BulkDeleteRulesPostRequestBodyInput; +} +export interface BulkPatchRulesProps { + body: BulkPatchRulesRequestBodyInput; +} +export interface BulkUpdateRulesProps { + body: BulkUpdateRulesRequestBodyInput; +} +export interface CreateAlertsMigrationProps { + body: CreateAlertsMigrationRequestBodyInput; +} +export interface CreateRuleProps { + body: CreateRuleRequestBodyInput; +} +export interface DeleteRuleProps { + query: DeleteRuleRequestQueryInput; +} +export interface ExportRulesProps { + query: ExportRulesRequestQueryInput; + body: ExportRulesRequestBodyInput; +} +export interface FinalizeAlertsMigrationProps { + body: FinalizeAlertsMigrationRequestBodyInput; +} +export interface FindRulesProps { + query: FindRulesRequestQueryInput; +} +export interface GetRuleExecutionEventsProps { + query: GetRuleExecutionEventsRequestQueryInput; + params: GetRuleExecutionEventsRequestParamsInput; +} +export interface GetRuleExecutionResultsProps { + query: GetRuleExecutionResultsRequestQueryInput; + params: GetRuleExecutionResultsRequestParamsInput; +} +export interface ImportRulesProps { + query: ImportRulesRequestQueryInput; +} +export interface PatchRuleProps { + body: PatchRuleRequestBodyInput; +} +export interface PerformRulesBulkActionProps { + query: PerformRulesBulkActionRequestQueryInput; + body: PerformRulesBulkActionRequestBodyInput; +} +export interface ReadAlertsMigrationStatusProps { + query: ReadAlertsMigrationStatusRequestQueryInput; +} +export interface ReadRuleProps { + query: ReadRuleRequestQueryInput; +} +export interface RulePreviewProps { + query: RulePreviewRequestQueryInput; + body: RulePreviewRequestBodyInput; +} +export interface SearchAlertsProps { + body: SearchAlertsRequestBodyInput; +} +export interface SetAlertAssigneesProps { + body: SetAlertAssigneesRequestBodyInput; +} +export interface SetAlertsStatusProps { + body: SetAlertsStatusRequestBodyInput; +} +export interface SetAlertTagsProps { + body: SetAlertTagsRequestBodyInput; +} +export interface SuggestUserProfilesProps { + query: SuggestUserProfilesRequestQueryInput; +} +export interface UpdateRuleProps { + body: UpdateRuleRequestBodyInput; +} diff --git a/x-pack/test/api_integration/services/security_solution_endpoint_exceptions_api.gen.ts b/x-pack/solutions/security/packages/test-api-clients/supertest/endpoint_exceptions.gen.ts similarity index 72% rename from x-pack/test/api_integration/services/security_solution_endpoint_exceptions_api.gen.ts rename to x-pack/solutions/security/packages/test-api-clients/supertest/endpoint_exceptions.gen.ts index 9827e48ad5a00..82320fc2df5d9 100644 --- a/x-pack/test/api_integration/services/security_solution_endpoint_exceptions_api.gen.ts +++ b/x-pack/solutions/security/packages/test-api-clients/supertest/endpoint_exceptions.gen.ts @@ -19,13 +19,14 @@ import { X_ELASTIC_INTERNAL_ORIGIN_REQUEST, } from '@kbn/core-http-common'; -import { CreateEndpointListItemRequestBodyInput } from '@kbn/securitysolution-endpoint-exceptions-common/api/create_endpoint_list_item/create_endpoint_list_item.gen'; -import { DeleteEndpointListItemRequestQueryInput } from '@kbn/securitysolution-endpoint-exceptions-common/api/delete_endpoint_list_item/delete_endpoint_list_item.gen'; -import { FindEndpointListItemsRequestQueryInput } from '@kbn/securitysolution-endpoint-exceptions-common/api/find_endpoint_list_item/find_endpoint_list_item.gen'; -import { ReadEndpointListItemRequestQueryInput } from '@kbn/securitysolution-endpoint-exceptions-common/api/read_endpoint_list_item/read_endpoint_list_item.gen'; -import { UpdateEndpointListItemRequestBodyInput } from '@kbn/securitysolution-endpoint-exceptions-common/api/update_endpoint_list_item/update_endpoint_list_item.gen'; -import { routeWithNamespace } from '../../common/utils/security_solution'; -import { FtrProviderContext } from '../ftr_provider_context'; +import type { CreateEndpointListItemRequestBodyInput } from '@kbn/securitysolution-endpoint-exceptions-common/api/create_endpoint_list_item/create_endpoint_list_item.gen'; +import type { DeleteEndpointListItemRequestQueryInput } from '@kbn/securitysolution-endpoint-exceptions-common/api/delete_endpoint_list_item/delete_endpoint_list_item.gen'; +import type { FindEndpointListItemsRequestQueryInput } from '@kbn/securitysolution-endpoint-exceptions-common/api/find_endpoint_list_item/find_endpoint_list_item.gen'; +import type { ReadEndpointListItemRequestQueryInput } from '@kbn/securitysolution-endpoint-exceptions-common/api/read_endpoint_list_item/read_endpoint_list_item.gen'; +import type { UpdateEndpointListItemRequestBodyInput } from '@kbn/securitysolution-endpoint-exceptions-common/api/update_endpoint_list_item/update_endpoint_list_item.gen'; + +import type { FtrProviderContext } from '@kbn/ftr-common-functional-services'; +import { getRouteUrlForSpace } from '@kbn/spaces-plugin/common'; export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) { const supertest = getService('supertest'); @@ -36,7 +37,7 @@ export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) */ createEndpointList(kibanaSpace: string = 'default') { return supertest - .post(routeWithNamespace('/api/endpoint_list', kibanaSpace)) + .post(getRouteUrlForSpace('/api/endpoint_list', kibanaSpace)) .set('kbn-xsrf', 'true') .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); @@ -46,7 +47,7 @@ export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) */ createEndpointListItem(props: CreateEndpointListItemProps, kibanaSpace: string = 'default') { return supertest - .post(routeWithNamespace('/api/endpoint_list/items', kibanaSpace)) + .post(getRouteUrlForSpace('/api/endpoint_list/items', kibanaSpace)) .set('kbn-xsrf', 'true') .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') @@ -57,7 +58,7 @@ export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) */ deleteEndpointListItem(props: DeleteEndpointListItemProps, kibanaSpace: string = 'default') { return supertest - .delete(routeWithNamespace('/api/endpoint_list/items', kibanaSpace)) + .delete(getRouteUrlForSpace('/api/endpoint_list/items', kibanaSpace)) .set('kbn-xsrf', 'true') .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') @@ -68,7 +69,7 @@ export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) */ findEndpointListItems(props: FindEndpointListItemsProps, kibanaSpace: string = 'default') { return supertest - .get(routeWithNamespace('/api/endpoint_list/items/_find', kibanaSpace)) + .get(getRouteUrlForSpace('/api/endpoint_list/items/_find', kibanaSpace)) .set('kbn-xsrf', 'true') .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') @@ -79,7 +80,7 @@ export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) */ readEndpointListItem(props: ReadEndpointListItemProps, kibanaSpace: string = 'default') { return supertest - .get(routeWithNamespace('/api/endpoint_list/items', kibanaSpace)) + .get(getRouteUrlForSpace('/api/endpoint_list/items', kibanaSpace)) .set('kbn-xsrf', 'true') .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') @@ -90,7 +91,7 @@ export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) */ updateEndpointListItem(props: UpdateEndpointListItemProps, kibanaSpace: string = 'default') { return supertest - .put(routeWithNamespace('/api/endpoint_list/items', kibanaSpace)) + .put(getRouteUrlForSpace('/api/endpoint_list/items', kibanaSpace)) .set('kbn-xsrf', 'true') .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') diff --git a/x-pack/solutions/security/packages/test-api-clients/supertest/endpoint_management.gen.ts b/x-pack/solutions/security/packages/test-api-clients/supertest/endpoint_management.gen.ts new file mode 100644 index 0000000000000..95a3a7c669a2e --- /dev/null +++ b/x-pack/solutions/security/packages/test-api-clients/supertest/endpoint_management.gen.ts @@ -0,0 +1,470 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +/* + * NOTICE: Do not edit this file manually. + * This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator. + * + * info: + * title: Endpoint Management API client for tests + * version: Bundle (no version) + */ + +/* eslint-disable @typescript-eslint/no-duplicate-imports */ + +import { + ELASTIC_HTTP_VERSION_HEADER, + X_ELASTIC_INTERNAL_ORIGIN_REQUEST, +} from '@kbn/core-http-common'; +import { replaceParams } from '@kbn/openapi-common/shared'; + +import type { + CreateUpdateProtectionUpdatesNoteRequestParamsInput, + CreateUpdateProtectionUpdatesNoteRequestBodyInput, +} from '@kbn/security-solution-plugin/common/api/endpoint/protection_updates_note/protection_updates_note.gen'; +import type { EndpointExecuteActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/execute/execute.gen'; +import type { EndpointFileDownloadRequestParamsInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/file_download/file_download.gen'; +import type { EndpointFileInfoRequestParamsInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/file_info/file_info.gen'; +import type { EndpointGetActionsDetailsRequestParamsInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/details/details.gen'; +import type { EndpointGetActionsListRequestQueryInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/list/list.gen'; +import type { EndpointGetActionsStatusRequestQueryInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/status/status.gen'; +import type { EndpointGetFileActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/get_file/get_file.gen'; +import type { EndpointGetProcessesActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/running_procs/running_procs.gen'; +import type { EndpointIsolateActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/isolate/isolate.gen'; +import type { EndpointIsolateRedirectRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/isolate/deprecated_isolate.gen'; +import type { EndpointKillProcessActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/kill_process/kill_process.gen'; +import type { EndpointScanActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/scan/scan.gen'; +import type { EndpointSuspendProcessActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/suspend_process/suspend_process.gen'; +import type { EndpointUnisolateActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/unisolate/unisolate.gen'; +import type { EndpointUnisolateRedirectRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/unisolate/deprecated_unisolate.gen'; +import type { GetAgentPolicySummaryRequestQueryInput } from '@kbn/security-solution-plugin/common/api/endpoint/policy/deprecated_agent_policy_summary.gen'; +import type { GetEndpointMetadataListRequestQueryInput } from '@kbn/security-solution-plugin/common/api/endpoint/metadata/get_metadata.gen'; +import type { + GetEndpointSuggestionsRequestParamsInput, + GetEndpointSuggestionsRequestBodyInput, +} from '@kbn/security-solution-plugin/common/api/endpoint/suggestions/get_suggestions.gen'; +import type { GetPolicyResponseRequestQueryInput } from '@kbn/security-solution-plugin/common/api/endpoint/policy/policy_response.gen'; +import type { GetProtectionUpdatesNoteRequestParamsInput } from '@kbn/security-solution-plugin/common/api/endpoint/protection_updates_note/protection_updates_note.gen'; +import type { GetWorkflowInsightsRequestQueryInput } from '@kbn/security-solution-plugin/common/api/endpoint/workflow_insights/workflow_insights.gen'; +import type { RunScriptActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/run_script/run_script.gen'; +import type { + UpdateWorkflowInsightRequestParamsInput, + UpdateWorkflowInsightRequestBodyInput, +} from '@kbn/security-solution-plugin/common/api/endpoint/workflow_insights/workflow_insights.gen'; + +import type { FtrProviderContext } from '@kbn/ftr-common-functional-services'; +import { getRouteUrlForSpace } from '@kbn/spaces-plugin/common'; + +export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) { + const supertest = getService('supertest'); + + return { + createUpdateProtectionUpdatesNote( + props: CreateUpdateProtectionUpdatesNoteProps, + kibanaSpace: string = 'default' + ) { + return supertest + .post( + getRouteUrlForSpace( + replaceParams( + '/api/endpoint/protection_updates_note/{package_policy_id}', + props.params + ), + kibanaSpace + ) + ) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Run a shell command on an endpoint. + */ + endpointExecuteAction(props: EndpointExecuteActionProps, kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/api/endpoint/action/execute', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Download a file from an endpoint. + */ + endpointFileDownload(props: EndpointFileDownloadProps, kibanaSpace: string = 'default') { + return supertest + .get( + getRouteUrlForSpace( + replaceParams('/api/endpoint/action/{action_id}/file/{file_id}/download', props.params), + kibanaSpace + ) + ) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + /** + * Get information for the specified file using the file ID. + */ + endpointFileInfo(props: EndpointFileInfoProps, kibanaSpace: string = 'default') { + return supertest + .get( + getRouteUrlForSpace( + replaceParams('/api/endpoint/action/{action_id}/file/{file_id}', props.params), + kibanaSpace + ) + ) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + /** + * Get the details of a response action using the action ID. + */ + endpointGetActionsDetails( + props: EndpointGetActionsDetailsProps, + kibanaSpace: string = 'default' + ) { + return supertest + .get( + getRouteUrlForSpace( + replaceParams('/api/endpoint/action/{action_id}', props.params), + kibanaSpace + ) + ) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + /** + * Get a list of all response actions. + */ + endpointGetActionsList(props: EndpointGetActionsListProps, kibanaSpace: string = 'default') { + return supertest + .get(getRouteUrlForSpace('/api/endpoint/action', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .query(props.query); + }, + /** + * Get a response actions state, which reports whether encryption is enabled. + */ + endpointGetActionsState(kibanaSpace: string = 'default') { + return supertest + .get(getRouteUrlForSpace('/api/endpoint/action/state', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + /** + * Get the status of response actions for the specified agent IDs. + */ + endpointGetActionsStatus( + props: EndpointGetActionsStatusProps, + kibanaSpace: string = 'default' + ) { + return supertest + .get(getRouteUrlForSpace('/api/endpoint/action_status', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .query(props.query); + }, + /** + * Get a file from an endpoint. + */ + endpointGetFileAction(props: EndpointGetFileActionProps, kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/api/endpoint/action/get_file', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Get a list of all processes running on an endpoint. + */ + endpointGetProcessesAction( + props: EndpointGetProcessesActionProps, + kibanaSpace: string = 'default' + ) { + return supertest + .post(getRouteUrlForSpace('/api/endpoint/action/running_procs', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Isolate an endpoint from the network. The endpoint remains isolated until it's released. + */ + endpointIsolateAction(props: EndpointIsolateActionProps, kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/api/endpoint/action/isolate', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Isolate an endpoint from the network. +> info +> This URL will return a 308 permanent redirect to `POST :/api/endpoint/action/isolate`. + + */ + endpointIsolateRedirect(props: EndpointIsolateRedirectProps, kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/api/endpoint/isolate', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Terminate a running process on an endpoint. + */ + endpointKillProcessAction( + props: EndpointKillProcessActionProps, + kibanaSpace: string = 'default' + ) { + return supertest + .post(getRouteUrlForSpace('/api/endpoint/action/kill_process', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Scan a specific file or directory on an endpoint for malware. + */ + endpointScanAction(props: EndpointScanActionProps, kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/api/endpoint/action/scan', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Suspend a running process on an endpoint. + */ + endpointSuspendProcessAction( + props: EndpointSuspendProcessActionProps, + kibanaSpace: string = 'default' + ) { + return supertest + .post(getRouteUrlForSpace('/api/endpoint/action/suspend_process', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Release an isolated endpoint, allowing it to rejoin a network. + */ + endpointUnisolateAction(props: EndpointUnisolateActionProps, kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/api/endpoint/action/unisolate', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Release an isolated endpoint, allowing it to rejoin a network. +> info +> This URL will return a 308 permanent redirect to `POST :/api/endpoint/action/unisolate`. + + */ + endpointUnisolateRedirect( + props: EndpointUnisolateRedirectProps, + kibanaSpace: string = 'default' + ) { + return supertest + .post(getRouteUrlForSpace('/api/endpoint/unisolate', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Upload a file to an endpoint. + */ + endpointUploadAction(kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/api/endpoint/action/upload', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + getAgentPolicySummary(props: GetAgentPolicySummaryProps, kibanaSpace: string = 'default') { + return supertest + .get(getRouteUrlForSpace('/api/endpoint/policy/summaries', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .query(props.query); + }, + getEndpointMetadataList(props: GetEndpointMetadataListProps, kibanaSpace: string = 'default') { + return supertest + .get(getRouteUrlForSpace('/api/endpoint/metadata', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .query(props.query); + }, + getEndpointSuggestions(props: GetEndpointSuggestionsProps, kibanaSpace: string = 'default') { + return supertest + .post( + getRouteUrlForSpace( + replaceParams('/api/endpoint/suggestions/{suggestion_type}', props.params), + kibanaSpace + ) + ) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + getPolicyResponse(props: GetPolicyResponseProps, kibanaSpace: string = 'default') { + return supertest + .get(getRouteUrlForSpace('/api/endpoint/policy_response', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .query(props.query); + }, + getProtectionUpdatesNote( + props: GetProtectionUpdatesNoteProps, + kibanaSpace: string = 'default' + ) { + return supertest + .get( + getRouteUrlForSpace( + replaceParams( + '/api/endpoint/protection_updates_note/{package_policy_id}', + props.params + ), + kibanaSpace + ) + ) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + getWorkflowInsights(props: GetWorkflowInsightsProps, kibanaSpace: string = 'default') { + return supertest + .get(getRouteUrlForSpace('/internal/api/endpoint/workflow_insights', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '1') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .query(props.query); + }, + /** + * Run a shell command on an endpoint. + */ + runScriptAction(props: RunScriptActionProps, kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/api/endpoint/action/runscript', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + updateWorkflowInsight(props: UpdateWorkflowInsightProps, kibanaSpace: string = 'default') { + return supertest + .put( + getRouteUrlForSpace( + replaceParams('/internal/api/endpoint/workflow_insights/{insightId}', props.params), + kibanaSpace + ) + ) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '1') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + }; +} + +export interface CreateUpdateProtectionUpdatesNoteProps { + params: CreateUpdateProtectionUpdatesNoteRequestParamsInput; + body: CreateUpdateProtectionUpdatesNoteRequestBodyInput; +} +export interface EndpointExecuteActionProps { + body: EndpointExecuteActionRequestBodyInput; +} +export interface EndpointFileDownloadProps { + params: EndpointFileDownloadRequestParamsInput; +} +export interface EndpointFileInfoProps { + params: EndpointFileInfoRequestParamsInput; +} +export interface EndpointGetActionsDetailsProps { + params: EndpointGetActionsDetailsRequestParamsInput; +} +export interface EndpointGetActionsListProps { + query: EndpointGetActionsListRequestQueryInput; +} +export interface EndpointGetActionsStatusProps { + query: EndpointGetActionsStatusRequestQueryInput; +} +export interface EndpointGetFileActionProps { + body: EndpointGetFileActionRequestBodyInput; +} +export interface EndpointGetProcessesActionProps { + body: EndpointGetProcessesActionRequestBodyInput; +} +export interface EndpointIsolateActionProps { + body: EndpointIsolateActionRequestBodyInput; +} +export interface EndpointIsolateRedirectProps { + body: EndpointIsolateRedirectRequestBodyInput; +} +export interface EndpointKillProcessActionProps { + body: EndpointKillProcessActionRequestBodyInput; +} +export interface EndpointScanActionProps { + body: EndpointScanActionRequestBodyInput; +} +export interface EndpointSuspendProcessActionProps { + body: EndpointSuspendProcessActionRequestBodyInput; +} +export interface EndpointUnisolateActionProps { + body: EndpointUnisolateActionRequestBodyInput; +} +export interface EndpointUnisolateRedirectProps { + body: EndpointUnisolateRedirectRequestBodyInput; +} +export interface GetAgentPolicySummaryProps { + query: GetAgentPolicySummaryRequestQueryInput; +} +export interface GetEndpointMetadataListProps { + query: GetEndpointMetadataListRequestQueryInput; +} +export interface GetEndpointSuggestionsProps { + params: GetEndpointSuggestionsRequestParamsInput; + body: GetEndpointSuggestionsRequestBodyInput; +} +export interface GetPolicyResponseProps { + query: GetPolicyResponseRequestQueryInput; +} +export interface GetProtectionUpdatesNoteProps { + params: GetProtectionUpdatesNoteRequestParamsInput; +} +export interface GetWorkflowInsightsProps { + query: GetWorkflowInsightsRequestQueryInput; +} +export interface RunScriptActionProps { + body: RunScriptActionRequestBodyInput; +} +export interface UpdateWorkflowInsightProps { + params: UpdateWorkflowInsightRequestParamsInput; + body: UpdateWorkflowInsightRequestBodyInput; +} diff --git a/x-pack/solutions/security/packages/test-api-clients/supertest/entity_analytics.gen.ts b/x-pack/solutions/security/packages/test-api-clients/supertest/entity_analytics.gen.ts new file mode 100644 index 0000000000000..007666d4e5d5d --- /dev/null +++ b/x-pack/solutions/security/packages/test-api-clients/supertest/entity_analytics.gen.ts @@ -0,0 +1,453 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +/* + * NOTICE: Do not edit this file manually. + * This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator. + * + * info: + * title: Entity Analytics API client for tests + * version: Bundle (no version) + */ + +/* eslint-disable @typescript-eslint/no-duplicate-imports */ + +import { + ELASTIC_HTTP_VERSION_HEADER, + X_ELASTIC_INTERNAL_ORIGIN_REQUEST, +} from '@kbn/core-http-common'; +import { replaceParams } from '@kbn/openapi-common/shared'; + +import type { BulkUpsertAssetCriticalityRecordsRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/asset_criticality/bulk_upload_asset_criticality.gen'; +import type { ConfigureRiskEngineSavedObjectRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/risk_engine/engine_configure_saved_object_route.gen'; +import type { CreateAssetCriticalityRecordRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/asset_criticality/create_asset_criticality.gen'; +import type { DeleteAssetCriticalityRecordRequestQueryInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/asset_criticality/delete_asset_criticality.gen'; +import type { + DeleteEntityEngineRequestQueryInput, + DeleteEntityEngineRequestParamsInput, +} from '@kbn/security-solution-plugin/common/api/entity_analytics/entity_store/engine/delete.gen'; +import type { DeprecatedTriggerRiskScoreCalculationRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/risk_engine/entity_calculation_route.gen'; +import type { FindAssetCriticalityRecordsRequestQueryInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/asset_criticality/list_asset_criticality.gen'; +import type { GetAssetCriticalityRecordRequestQueryInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/asset_criticality/get_asset_criticality.gen'; +import type { GetEntityEngineRequestParamsInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/entity_store/engine/get.gen'; +import type { GetEntityStoreStatusRequestQueryInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/entity_store/status.gen'; +import type { + InitEntityEngineRequestParamsInput, + InitEntityEngineRequestBodyInput, +} from '@kbn/security-solution-plugin/common/api/entity_analytics/entity_store/engine/init.gen'; +import type { InitEntityStoreRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/entity_store/enable.gen'; +import type { ListEntitiesRequestQueryInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/entity_store/entities/list_entities.gen'; +import type { PreviewRiskScoreRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/risk_engine/preview_route.gen'; +import type { StartEntityEngineRequestParamsInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/entity_store/engine/start.gen'; +import type { StopEntityEngineRequestParamsInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/entity_store/engine/stop.gen'; +import type { TriggerRiskScoreCalculationRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/risk_engine/entity_calculation_route.gen'; + +import type { FtrProviderContext } from '@kbn/ftr-common-functional-services'; +import { getRouteUrlForSpace } from '@kbn/spaces-plugin/common'; + +export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) { + const supertest = getService('supertest'); + + return { + applyEntityEngineDataviewIndices(kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/api/entity_store/engines/apply_dataview_indices', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + assetCriticalityGetPrivileges(kibanaSpace: string = 'default') { + return supertest + .get(getRouteUrlForSpace('/internal/asset_criticality/privileges', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '1') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + /** + * Bulk upsert up to 1000 asset criticality records. + +If asset criticality records already exist for the specified entities, those records are overwritten with the specified values. If asset criticality records don't exist for the specified entities, new records are created. + + */ + bulkUpsertAssetCriticalityRecords( + props: BulkUpsertAssetCriticalityRecordsProps, + kibanaSpace: string = 'default' + ) { + return supertest + .post(getRouteUrlForSpace('/api/asset_criticality/bulk', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Cleaning up the the Risk Engine by removing the indices, mapping and transforms + */ + cleanUpRiskEngine(kibanaSpace: string = 'default') { + return supertest + .delete(getRouteUrlForSpace('/api/risk_score/engine/dangerously_delete_data', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + /** + * Configuring the Risk Engine Saved Object + */ + configureRiskEngineSavedObject( + props: ConfigureRiskEngineSavedObjectProps, + kibanaSpace: string = 'default' + ) { + return supertest + .patch(getRouteUrlForSpace('/api/risk_score/engine/saved_object/configure', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Create or update an asset criticality record for a specific entity. + +If a record already exists for the specified entity, that record is overwritten with the specified value. If a record doesn't exist for the specified entity, a new record is created. + + */ + createAssetCriticalityRecord( + props: CreateAssetCriticalityRecordProps, + kibanaSpace: string = 'default' + ) { + return supertest + .post(getRouteUrlForSpace('/api/asset_criticality', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Delete the asset criticality record for a specific entity. + */ + deleteAssetCriticalityRecord( + props: DeleteAssetCriticalityRecordProps, + kibanaSpace: string = 'default' + ) { + return supertest + .delete(getRouteUrlForSpace('/api/asset_criticality', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .query(props.query); + }, + deleteEntityEngine(props: DeleteEntityEngineProps, kibanaSpace: string = 'default') { + return supertest + .delete( + getRouteUrlForSpace( + replaceParams('/api/entity_store/engines/{entityType}', props.params), + kibanaSpace + ) + ) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .query(props.query); + }, + /** + * Calculates and persists Risk Scores for an entity, returning the calculated risk score. + */ + deprecatedTriggerRiskScoreCalculation( + props: DeprecatedTriggerRiskScoreCalculationProps, + kibanaSpace: string = 'default' + ) { + return supertest + .post(getRouteUrlForSpace('/api/risk_scores/calculation/entity', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '1') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + disableRiskEngine(kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/internal/risk_score/engine/disable', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '1') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + enableRiskEngine(kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/internal/risk_score/engine/enable', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '1') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + entityStoreGetPrivileges(kibanaSpace: string = 'default') { + return supertest + .get(getRouteUrlForSpace('/internal/entity_store/privileges', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '1') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + /** + * List asset criticality records, paging, sorting and filtering as needed. + */ + findAssetCriticalityRecords( + props: FindAssetCriticalityRecordsProps, + kibanaSpace: string = 'default' + ) { + return supertest + .get(getRouteUrlForSpace('/api/asset_criticality/list', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .query(props.query); + }, + /** + * Get the asset criticality record for a specific entity. + */ + getAssetCriticalityRecord( + props: GetAssetCriticalityRecordProps, + kibanaSpace: string = 'default' + ) { + return supertest + .get(getRouteUrlForSpace('/api/asset_criticality', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .query(props.query); + }, + getAssetCriticalityStatus(kibanaSpace: string = 'default') { + return supertest + .get(getRouteUrlForSpace('/internal/asset_criticality/status', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '1') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + getEntityEngine(props: GetEntityEngineProps, kibanaSpace: string = 'default') { + return supertest + .get( + getRouteUrlForSpace( + replaceParams('/api/entity_store/engines/{entityType}', props.params), + kibanaSpace + ) + ) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + getEntityStoreStatus(props: GetEntityStoreStatusProps, kibanaSpace: string = 'default') { + return supertest + .get(getRouteUrlForSpace('/api/entity_store/status', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .query(props.query); + }, + /** + * Returns the status of both the legacy transform-based risk engine, as well as the new risk engine + */ + getRiskEngineStatus(kibanaSpace: string = 'default') { + return supertest + .get(getRouteUrlForSpace('/internal/risk_score/engine/status', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '1') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + initEntityEngine(props: InitEntityEngineProps, kibanaSpace: string = 'default') { + return supertest + .post( + getRouteUrlForSpace( + replaceParams('/api/entity_store/engines/{entityType}/init', props.params), + kibanaSpace + ) + ) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + initEntityStore(props: InitEntityStoreProps, kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/api/entity_store/enable', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Initializes the Risk Engine by creating the necessary indices and mappings, removing old transforms, and starting the new risk engine + */ + initRiskEngine(kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/internal/risk_score/engine/init', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '1') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + internalUploadAssetCriticalityRecords(kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/internal/asset_criticality/upload_csv', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '1') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + /** + * List entities records, paging, sorting and filtering as needed. + */ + listEntities(props: ListEntitiesProps, kibanaSpace: string = 'default') { + return supertest + .get(getRouteUrlForSpace('/api/entity_store/entities/list', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .query(props.query); + }, + listEntityEngines(kibanaSpace: string = 'default') { + return supertest + .get(getRouteUrlForSpace('/api/entity_store/engines', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + /** + * Calculates and returns a list of Risk Scores, sorted by identifier_type and risk score. + */ + previewRiskScore(props: PreviewRiskScoreProps, kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/internal/risk_score/preview', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '1') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + readRiskEngineSettings(kibanaSpace: string = 'default') { + return supertest + .get(getRouteUrlForSpace('/internal/risk_score/engine/settings', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '1') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + riskEngineGetPrivileges(kibanaSpace: string = 'default') { + return supertest + .get(getRouteUrlForSpace('/internal/risk_engine/privileges', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '1') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + runEntityAnalyticsMigrations(kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/internal/entity_analytics/migrations/run', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '1') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + /** + * Schedule the risk scoring engine to run as soon as possible. You can use this to recalculate entity risk scores after updating their asset criticality. + */ + scheduleRiskEngineNow(kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/api/risk_score/engine/schedule_now', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + startEntityEngine(props: StartEntityEngineProps, kibanaSpace: string = 'default') { + return supertest + .post( + getRouteUrlForSpace( + replaceParams('/api/entity_store/engines/{entityType}/start', props.params), + kibanaSpace + ) + ) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + stopEntityEngine(props: StopEntityEngineProps, kibanaSpace: string = 'default') { + return supertest + .post( + getRouteUrlForSpace( + replaceParams('/api/entity_store/engines/{entityType}/stop', props.params), + kibanaSpace + ) + ) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + /** + * Calculates and persists Risk Scores for an entity, returning the calculated risk score. + */ + triggerRiskScoreCalculation( + props: TriggerRiskScoreCalculationProps, + kibanaSpace: string = 'default' + ) { + return supertest + .post(getRouteUrlForSpace('/internal/risk_score/calculation/entity', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '1') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + uploadAssetCriticalityRecords(kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/api/asset_criticality/upload_csv', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '1') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); + }, + }; +} + +export interface BulkUpsertAssetCriticalityRecordsProps { + body: BulkUpsertAssetCriticalityRecordsRequestBodyInput; +} +export interface ConfigureRiskEngineSavedObjectProps { + body: ConfigureRiskEngineSavedObjectRequestBodyInput; +} +export interface CreateAssetCriticalityRecordProps { + body: CreateAssetCriticalityRecordRequestBodyInput; +} +export interface DeleteAssetCriticalityRecordProps { + query: DeleteAssetCriticalityRecordRequestQueryInput; +} +export interface DeleteEntityEngineProps { + query: DeleteEntityEngineRequestQueryInput; + params: DeleteEntityEngineRequestParamsInput; +} +export interface DeprecatedTriggerRiskScoreCalculationProps { + body: DeprecatedTriggerRiskScoreCalculationRequestBodyInput; +} +export interface FindAssetCriticalityRecordsProps { + query: FindAssetCriticalityRecordsRequestQueryInput; +} +export interface GetAssetCriticalityRecordProps { + query: GetAssetCriticalityRecordRequestQueryInput; +} +export interface GetEntityEngineProps { + params: GetEntityEngineRequestParamsInput; +} +export interface GetEntityStoreStatusProps { + query: GetEntityStoreStatusRequestQueryInput; +} +export interface InitEntityEngineProps { + params: InitEntityEngineRequestParamsInput; + body: InitEntityEngineRequestBodyInput; +} +export interface InitEntityStoreProps { + body: InitEntityStoreRequestBodyInput; +} +export interface ListEntitiesProps { + query: ListEntitiesRequestQueryInput; +} +export interface PreviewRiskScoreProps { + body: PreviewRiskScoreRequestBodyInput; +} +export interface StartEntityEngineProps { + params: StartEntityEngineRequestParamsInput; +} +export interface StopEntityEngineProps { + params: StopEntityEngineRequestParamsInput; +} +export interface TriggerRiskScoreCalculationProps { + body: TriggerRiskScoreCalculationRequestBodyInput; +} diff --git a/x-pack/test/api_integration/services/security_solution_exceptions_api.gen.ts b/x-pack/solutions/security/packages/test-api-clients/supertest/exceptions.gen.ts similarity index 73% rename from x-pack/test/api_integration/services/security_solution_exceptions_api.gen.ts rename to x-pack/solutions/security/packages/test-api-clients/supertest/exceptions.gen.ts index 6b0d8dad51ef2..30d4198be469b 100644 --- a/x-pack/test/api_integration/services/security_solution_exceptions_api.gen.ts +++ b/x-pack/solutions/security/packages/test-api-clients/supertest/exceptions.gen.ts @@ -20,27 +20,28 @@ import { } from '@kbn/core-http-common'; import { replaceParams } from '@kbn/openapi-common/shared'; -import { CreateExceptionListRequestBodyInput } from '@kbn/securitysolution-exceptions-common/api/create_exception_list/create_exception_list.gen'; -import { CreateExceptionListItemRequestBodyInput } from '@kbn/securitysolution-exceptions-common/api/create_exception_list_item/create_exception_list_item.gen'; -import { +import type { CreateExceptionListRequestBodyInput } from '@kbn/securitysolution-exceptions-common/api/create_exception_list/create_exception_list.gen'; +import type { CreateExceptionListItemRequestBodyInput } from '@kbn/securitysolution-exceptions-common/api/create_exception_list_item/create_exception_list_item.gen'; +import type { CreateRuleExceptionListItemsRequestParamsInput, CreateRuleExceptionListItemsRequestBodyInput, } from '@kbn/securitysolution-exceptions-common/api/create_rule_exceptions/create_rule_exceptions.gen'; -import { CreateSharedExceptionListRequestBodyInput } from '@kbn/securitysolution-exceptions-common/api/create_shared_exceptions_list/create_shared_exceptions_list.gen'; -import { DeleteExceptionListRequestQueryInput } from '@kbn/securitysolution-exceptions-common/api/delete_exception_list/delete_exception_list.gen'; -import { DeleteExceptionListItemRequestQueryInput } from '@kbn/securitysolution-exceptions-common/api/delete_exception_list_item/delete_exception_list_item.gen'; -import { DuplicateExceptionListRequestQueryInput } from '@kbn/securitysolution-exceptions-common/api/duplicate_exception_list/duplicate_exception_list.gen'; -import { ExportExceptionListRequestQueryInput } from '@kbn/securitysolution-exceptions-common/api/export_exception_list/export_exception_list.gen'; -import { FindExceptionListItemsRequestQueryInput } from '@kbn/securitysolution-exceptions-common/api/find_exception_list_items/find_exception_list_items.gen'; -import { FindExceptionListsRequestQueryInput } from '@kbn/securitysolution-exceptions-common/api/find_exception_lists/find_exception_lists.gen'; -import { ImportExceptionListRequestQueryInput } from '@kbn/securitysolution-exceptions-common/api/import_exceptions/import_exceptions.gen'; -import { ReadExceptionListRequestQueryInput } from '@kbn/securitysolution-exceptions-common/api/read_exception_list/read_exception_list.gen'; -import { ReadExceptionListItemRequestQueryInput } from '@kbn/securitysolution-exceptions-common/api/read_exception_list_item/read_exception_list_item.gen'; -import { ReadExceptionListSummaryRequestQueryInput } from '@kbn/securitysolution-exceptions-common/api/read_exception_list_summary/read_exception_list_summary.gen'; -import { UpdateExceptionListRequestBodyInput } from '@kbn/securitysolution-exceptions-common/api/update_exception_list/update_exception_list.gen'; -import { UpdateExceptionListItemRequestBodyInput } from '@kbn/securitysolution-exceptions-common/api/update_exception_list_item/update_exception_list_item.gen'; -import { routeWithNamespace } from '../../common/utils/security_solution'; -import { FtrProviderContext } from '../ftr_provider_context'; +import type { CreateSharedExceptionListRequestBodyInput } from '@kbn/securitysolution-exceptions-common/api/create_shared_exceptions_list/create_shared_exceptions_list.gen'; +import type { DeleteExceptionListRequestQueryInput } from '@kbn/securitysolution-exceptions-common/api/delete_exception_list/delete_exception_list.gen'; +import type { DeleteExceptionListItemRequestQueryInput } from '@kbn/securitysolution-exceptions-common/api/delete_exception_list_item/delete_exception_list_item.gen'; +import type { DuplicateExceptionListRequestQueryInput } from '@kbn/securitysolution-exceptions-common/api/duplicate_exception_list/duplicate_exception_list.gen'; +import type { ExportExceptionListRequestQueryInput } from '@kbn/securitysolution-exceptions-common/api/export_exception_list/export_exception_list.gen'; +import type { FindExceptionListItemsRequestQueryInput } from '@kbn/securitysolution-exceptions-common/api/find_exception_list_items/find_exception_list_items.gen'; +import type { FindExceptionListsRequestQueryInput } from '@kbn/securitysolution-exceptions-common/api/find_exception_lists/find_exception_lists.gen'; +import type { ImportExceptionListRequestQueryInput } from '@kbn/securitysolution-exceptions-common/api/import_exceptions/import_exceptions.gen'; +import type { ReadExceptionListRequestQueryInput } from '@kbn/securitysolution-exceptions-common/api/read_exception_list/read_exception_list.gen'; +import type { ReadExceptionListItemRequestQueryInput } from '@kbn/securitysolution-exceptions-common/api/read_exception_list_item/read_exception_list_item.gen'; +import type { ReadExceptionListSummaryRequestQueryInput } from '@kbn/securitysolution-exceptions-common/api/read_exception_list_summary/read_exception_list_summary.gen'; +import type { UpdateExceptionListRequestBodyInput } from '@kbn/securitysolution-exceptions-common/api/update_exception_list/update_exception_list.gen'; +import type { UpdateExceptionListItemRequestBodyInput } from '@kbn/securitysolution-exceptions-common/api/update_exception_list_item/update_exception_list_item.gen'; + +import type { FtrProviderContext } from '@kbn/ftr-common-functional-services'; +import { getRouteUrlForSpace } from '@kbn/spaces-plugin/common'; export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) { const supertest = getService('supertest'); @@ -54,7 +55,7 @@ export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) */ createExceptionList(props: CreateExceptionListProps, kibanaSpace: string = 'default') { return supertest - .post(routeWithNamespace('/api/exception_lists', kibanaSpace)) + .post(getRouteUrlForSpace('/api/exception_lists', kibanaSpace)) .set('kbn-xsrf', 'true') .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') @@ -68,7 +69,7 @@ export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) */ createExceptionListItem(props: CreateExceptionListItemProps, kibanaSpace: string = 'default') { return supertest - .post(routeWithNamespace('/api/exception_lists/items', kibanaSpace)) + .post(getRouteUrlForSpace('/api/exception_lists/items', kibanaSpace)) .set('kbn-xsrf', 'true') .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') @@ -83,7 +84,7 @@ export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) ) { return supertest .post( - routeWithNamespace( + getRouteUrlForSpace( replaceParams('/api/detection_engine/rules/{id}/exceptions', props.params), kibanaSpace ) @@ -104,7 +105,7 @@ export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) kibanaSpace: string = 'default' ) { return supertest - .post(routeWithNamespace('/api/exceptions/shared', kibanaSpace)) + .post(getRouteUrlForSpace('/api/exceptions/shared', kibanaSpace)) .set('kbn-xsrf', 'true') .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') @@ -115,7 +116,7 @@ export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) */ deleteExceptionList(props: DeleteExceptionListProps, kibanaSpace: string = 'default') { return supertest - .delete(routeWithNamespace('/api/exception_lists', kibanaSpace)) + .delete(getRouteUrlForSpace('/api/exception_lists', kibanaSpace)) .set('kbn-xsrf', 'true') .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') @@ -126,7 +127,7 @@ export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) */ deleteExceptionListItem(props: DeleteExceptionListItemProps, kibanaSpace: string = 'default') { return supertest - .delete(routeWithNamespace('/api/exception_lists/items', kibanaSpace)) + .delete(getRouteUrlForSpace('/api/exception_lists/items', kibanaSpace)) .set('kbn-xsrf', 'true') .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') @@ -137,7 +138,7 @@ export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) */ duplicateExceptionList(props: DuplicateExceptionListProps, kibanaSpace: string = 'default') { return supertest - .post(routeWithNamespace('/api/exception_lists/_duplicate', kibanaSpace)) + .post(getRouteUrlForSpace('/api/exception_lists/_duplicate', kibanaSpace)) .set('kbn-xsrf', 'true') .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') @@ -148,7 +149,7 @@ export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) */ exportExceptionList(props: ExportExceptionListProps, kibanaSpace: string = 'default') { return supertest - .post(routeWithNamespace('/api/exception_lists/_export', kibanaSpace)) + .post(getRouteUrlForSpace('/api/exception_lists/_export', kibanaSpace)) .set('kbn-xsrf', 'true') .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') @@ -159,7 +160,7 @@ export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) */ findExceptionListItems(props: FindExceptionListItemsProps, kibanaSpace: string = 'default') { return supertest - .get(routeWithNamespace('/api/exception_lists/items/_find', kibanaSpace)) + .get(getRouteUrlForSpace('/api/exception_lists/items/_find', kibanaSpace)) .set('kbn-xsrf', 'true') .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') @@ -170,7 +171,7 @@ export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) */ findExceptionLists(props: FindExceptionListsProps, kibanaSpace: string = 'default') { return supertest - .get(routeWithNamespace('/api/exception_lists/_find', kibanaSpace)) + .get(getRouteUrlForSpace('/api/exception_lists/_find', kibanaSpace)) .set('kbn-xsrf', 'true') .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') @@ -181,7 +182,7 @@ export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) */ importExceptionList(props: ImportExceptionListProps, kibanaSpace: string = 'default') { return supertest - .post(routeWithNamespace('/api/exception_lists/_import', kibanaSpace)) + .post(getRouteUrlForSpace('/api/exception_lists/_import', kibanaSpace)) .set('kbn-xsrf', 'true') .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') @@ -192,7 +193,7 @@ export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) */ readExceptionList(props: ReadExceptionListProps, kibanaSpace: string = 'default') { return supertest - .get(routeWithNamespace('/api/exception_lists', kibanaSpace)) + .get(getRouteUrlForSpace('/api/exception_lists', kibanaSpace)) .set('kbn-xsrf', 'true') .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') @@ -203,7 +204,7 @@ export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) */ readExceptionListItem(props: ReadExceptionListItemProps, kibanaSpace: string = 'default') { return supertest - .get(routeWithNamespace('/api/exception_lists/items', kibanaSpace)) + .get(getRouteUrlForSpace('/api/exception_lists/items', kibanaSpace)) .set('kbn-xsrf', 'true') .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') @@ -217,7 +218,7 @@ export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) kibanaSpace: string = 'default' ) { return supertest - .get(routeWithNamespace('/api/exception_lists/summary', kibanaSpace)) + .get(getRouteUrlForSpace('/api/exception_lists/summary', kibanaSpace)) .set('kbn-xsrf', 'true') .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') @@ -228,7 +229,7 @@ export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) */ updateExceptionList(props: UpdateExceptionListProps, kibanaSpace: string = 'default') { return supertest - .put(routeWithNamespace('/api/exception_lists', kibanaSpace)) + .put(getRouteUrlForSpace('/api/exception_lists', kibanaSpace)) .set('kbn-xsrf', 'true') .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') @@ -239,7 +240,7 @@ export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) */ updateExceptionListItem(props: UpdateExceptionListItemProps, kibanaSpace: string = 'default') { return supertest - .put(routeWithNamespace('/api/exception_lists/items', kibanaSpace)) + .put(getRouteUrlForSpace('/api/exception_lists/items', kibanaSpace)) .set('kbn-xsrf', 'true') .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') diff --git a/x-pack/test/api_integration/services/security_solution_lists_api.gen.ts b/x-pack/solutions/security/packages/test-api-clients/supertest/lists.gen.ts similarity index 73% rename from x-pack/test/api_integration/services/security_solution_lists_api.gen.ts rename to x-pack/solutions/security/packages/test-api-clients/supertest/lists.gen.ts index eb130a1d65805..6d02379a1d60a 100644 --- a/x-pack/test/api_integration/services/security_solution_lists_api.gen.ts +++ b/x-pack/solutions/security/packages/test-api-clients/supertest/lists.gen.ts @@ -19,22 +19,23 @@ import { X_ELASTIC_INTERNAL_ORIGIN_REQUEST, } from '@kbn/core-http-common'; -import { CreateListRequestBodyInput } from '@kbn/securitysolution-lists-common/api/create_list/create_list.gen'; -import { CreateListItemRequestBodyInput } from '@kbn/securitysolution-lists-common/api/create_list_item/create_list_item.gen'; -import { DeleteListRequestQueryInput } from '@kbn/securitysolution-lists-common/api/delete_list/delete_list.gen'; -import { DeleteListItemRequestQueryInput } from '@kbn/securitysolution-lists-common/api/delete_list_item/delete_list_item.gen'; -import { ExportListItemsRequestQueryInput } from '@kbn/securitysolution-lists-common/api/export_list_items/export_list_items.gen'; -import { FindListItemsRequestQueryInput } from '@kbn/securitysolution-lists-common/api/find_list_items/find_list_items.gen'; -import { FindListsRequestQueryInput } from '@kbn/securitysolution-lists-common/api/find_lists/find_lists.gen'; -import { ImportListItemsRequestQueryInput } from '@kbn/securitysolution-lists-common/api/import_list_items/import_list_items.gen'; -import { PatchListRequestBodyInput } from '@kbn/securitysolution-lists-common/api/patch_list/patch_list.gen'; -import { PatchListItemRequestBodyInput } from '@kbn/securitysolution-lists-common/api/patch_list_item/patch_list_item.gen'; -import { ReadListRequestQueryInput } from '@kbn/securitysolution-lists-common/api/read_list/read_list.gen'; -import { ReadListItemRequestQueryInput } from '@kbn/securitysolution-lists-common/api/read_list_item/read_list_item.gen'; -import { UpdateListRequestBodyInput } from '@kbn/securitysolution-lists-common/api/update_list/update_list.gen'; -import { UpdateListItemRequestBodyInput } from '@kbn/securitysolution-lists-common/api/update_list_item/update_list_item.gen'; -import { routeWithNamespace } from '../../common/utils/security_solution'; -import { FtrProviderContext } from '../ftr_provider_context'; +import type { CreateListRequestBodyInput } from '@kbn/securitysolution-lists-common/api/create_list/create_list.gen'; +import type { CreateListItemRequestBodyInput } from '@kbn/securitysolution-lists-common/api/create_list_item/create_list_item.gen'; +import type { DeleteListRequestQueryInput } from '@kbn/securitysolution-lists-common/api/delete_list/delete_list.gen'; +import type { DeleteListItemRequestQueryInput } from '@kbn/securitysolution-lists-common/api/delete_list_item/delete_list_item.gen'; +import type { ExportListItemsRequestQueryInput } from '@kbn/securitysolution-lists-common/api/export_list_items/export_list_items.gen'; +import type { FindListItemsRequestQueryInput } from '@kbn/securitysolution-lists-common/api/find_list_items/find_list_items.gen'; +import type { FindListsRequestQueryInput } from '@kbn/securitysolution-lists-common/api/find_lists/find_lists.gen'; +import type { ImportListItemsRequestQueryInput } from '@kbn/securitysolution-lists-common/api/import_list_items/import_list_items.gen'; +import type { PatchListRequestBodyInput } from '@kbn/securitysolution-lists-common/api/patch_list/patch_list.gen'; +import type { PatchListItemRequestBodyInput } from '@kbn/securitysolution-lists-common/api/patch_list_item/patch_list_item.gen'; +import type { ReadListRequestQueryInput } from '@kbn/securitysolution-lists-common/api/read_list/read_list.gen'; +import type { ReadListItemRequestQueryInput } from '@kbn/securitysolution-lists-common/api/read_list_item/read_list_item.gen'; +import type { UpdateListRequestBodyInput } from '@kbn/securitysolution-lists-common/api/update_list/update_list.gen'; +import type { UpdateListItemRequestBodyInput } from '@kbn/securitysolution-lists-common/api/update_list_item/update_list_item.gen'; + +import type { FtrProviderContext } from '@kbn/ftr-common-functional-services'; +import { getRouteUrlForSpace } from '@kbn/spaces-plugin/common'; export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) { const supertest = getService('supertest'); @@ -45,7 +46,7 @@ export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) */ createList(props: CreateListProps, kibanaSpace: string = 'default') { return supertest - .post(routeWithNamespace('/api/lists', kibanaSpace)) + .post(getRouteUrlForSpace('/api/lists', kibanaSpace)) .set('kbn-xsrf', 'true') .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') @@ -56,7 +57,7 @@ export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) */ createListIndex(kibanaSpace: string = 'default') { return supertest - .post(routeWithNamespace('/api/lists/index', kibanaSpace)) + .post(getRouteUrlForSpace('/api/lists/index', kibanaSpace)) .set('kbn-xsrf', 'true') .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); @@ -71,7 +72,7 @@ All value list items in the same list must be the same type. For example, each l */ createListItem(props: CreateListItemProps, kibanaSpace: string = 'default') { return supertest - .post(routeWithNamespace('/api/lists/items', kibanaSpace)) + .post(getRouteUrlForSpace('/api/lists/items', kibanaSpace)) .set('kbn-xsrf', 'true') .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') @@ -85,7 +86,7 @@ All value list items in the same list must be the same type. For example, each l */ deleteList(props: DeleteListProps, kibanaSpace: string = 'default') { return supertest - .delete(routeWithNamespace('/api/lists', kibanaSpace)) + .delete(getRouteUrlForSpace('/api/lists', kibanaSpace)) .set('kbn-xsrf', 'true') .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') @@ -96,7 +97,7 @@ All value list items in the same list must be the same type. For example, each l */ deleteListIndex(kibanaSpace: string = 'default') { return supertest - .delete(routeWithNamespace('/api/lists/index', kibanaSpace)) + .delete(getRouteUrlForSpace('/api/lists/index', kibanaSpace)) .set('kbn-xsrf', 'true') .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); @@ -106,7 +107,7 @@ All value list items in the same list must be the same type. For example, each l */ deleteListItem(props: DeleteListItemProps, kibanaSpace: string = 'default') { return supertest - .delete(routeWithNamespace('/api/lists/items', kibanaSpace)) + .delete(getRouteUrlForSpace('/api/lists/items', kibanaSpace)) .set('kbn-xsrf', 'true') .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') @@ -117,7 +118,7 @@ All value list items in the same list must be the same type. For example, each l */ exportListItems(props: ExportListItemsProps, kibanaSpace: string = 'default') { return supertest - .post(routeWithNamespace('/api/lists/items/_export', kibanaSpace)) + .post(getRouteUrlForSpace('/api/lists/items/_export', kibanaSpace)) .set('kbn-xsrf', 'true') .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') @@ -128,7 +129,7 @@ All value list items in the same list must be the same type. For example, each l */ findListItems(props: FindListItemsProps, kibanaSpace: string = 'default') { return supertest - .get(routeWithNamespace('/api/lists/items/_find', kibanaSpace)) + .get(getRouteUrlForSpace('/api/lists/items/_find', kibanaSpace)) .set('kbn-xsrf', 'true') .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') @@ -139,7 +140,7 @@ All value list items in the same list must be the same type. For example, each l */ findLists(props: FindListsProps, kibanaSpace: string = 'default') { return supertest - .get(routeWithNamespace('/api/lists/_find', kibanaSpace)) + .get(getRouteUrlForSpace('/api/lists/_find', kibanaSpace)) .set('kbn-xsrf', 'true') .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') @@ -153,7 +154,7 @@ You can import items to a new or existing list. */ importListItems(props: ImportListItemsProps, kibanaSpace: string = 'default') { return supertest - .post(routeWithNamespace('/api/lists/items/_import', kibanaSpace)) + .post(getRouteUrlForSpace('/api/lists/items/_import', kibanaSpace)) .set('kbn-xsrf', 'true') .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') @@ -164,7 +165,7 @@ You can import items to a new or existing list. */ patchList(props: PatchListProps, kibanaSpace: string = 'default') { return supertest - .patch(routeWithNamespace('/api/lists', kibanaSpace)) + .patch(getRouteUrlForSpace('/api/lists', kibanaSpace)) .set('kbn-xsrf', 'true') .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') @@ -175,7 +176,7 @@ You can import items to a new or existing list. */ patchListItem(props: PatchListItemProps, kibanaSpace: string = 'default') { return supertest - .patch(routeWithNamespace('/api/lists/items', kibanaSpace)) + .patch(getRouteUrlForSpace('/api/lists/items', kibanaSpace)) .set('kbn-xsrf', 'true') .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') @@ -186,7 +187,7 @@ You can import items to a new or existing list. */ readList(props: ReadListProps, kibanaSpace: string = 'default') { return supertest - .get(routeWithNamespace('/api/lists', kibanaSpace)) + .get(getRouteUrlForSpace('/api/lists', kibanaSpace)) .set('kbn-xsrf', 'true') .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') @@ -197,7 +198,7 @@ You can import items to a new or existing list. */ readListIndex(kibanaSpace: string = 'default') { return supertest - .get(routeWithNamespace('/api/lists/index', kibanaSpace)) + .get(getRouteUrlForSpace('/api/lists/index', kibanaSpace)) .set('kbn-xsrf', 'true') .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); @@ -207,7 +208,7 @@ You can import items to a new or existing list. */ readListItem(props: ReadListItemProps, kibanaSpace: string = 'default') { return supertest - .get(routeWithNamespace('/api/lists/items', kibanaSpace)) + .get(getRouteUrlForSpace('/api/lists/items', kibanaSpace)) .set('kbn-xsrf', 'true') .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') @@ -215,7 +216,7 @@ You can import items to a new or existing list. }, readListPrivileges(kibanaSpace: string = 'default') { return supertest - .get(routeWithNamespace('/api/lists/privileges', kibanaSpace)) + .get(getRouteUrlForSpace('/api/lists/privileges', kibanaSpace)) .set('kbn-xsrf', 'true') .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); @@ -228,7 +229,7 @@ You can import items to a new or existing list. */ updateList(props: UpdateListProps, kibanaSpace: string = 'default') { return supertest - .put(routeWithNamespace('/api/lists', kibanaSpace)) + .put(getRouteUrlForSpace('/api/lists', kibanaSpace)) .set('kbn-xsrf', 'true') .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') @@ -242,7 +243,7 @@ You can import items to a new or existing list. */ updateListItem(props: UpdateListItemProps, kibanaSpace: string = 'default') { return supertest - .put(routeWithNamespace('/api/lists/items', kibanaSpace)) + .put(getRouteUrlForSpace('/api/lists/items', kibanaSpace)) .set('kbn-xsrf', 'true') .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') diff --git a/x-pack/test/api_integration/services/security_solution_osquery_api.gen.ts b/x-pack/solutions/security/packages/test-api-clients/supertest/osquery.gen.ts similarity index 77% rename from x-pack/test/api_integration/services/security_solution_osquery_api.gen.ts rename to x-pack/solutions/security/packages/test-api-clients/supertest/osquery.gen.ts index 384500062155e..72e09813404df 100644 --- a/x-pack/test/api_integration/services/security_solution_osquery_api.gen.ts +++ b/x-pack/solutions/security/packages/test-api-clients/supertest/osquery.gen.ts @@ -14,42 +14,45 @@ * version: Bundle (no version) */ +/* eslint-disable @typescript-eslint/no-duplicate-imports */ + import { ELASTIC_HTTP_VERSION_HEADER, X_ELASTIC_INTERNAL_ORIGIN_REQUEST, } from '@kbn/core-http-common'; import { replaceParams } from '@kbn/openapi-common/shared'; -import { GetAgentDetailsRequestParamsInput } from '@kbn/osquery-plugin/common/api/fleet_wrapper/fleet_wrapper.gen'; -import { GetAgentPolicyRequestParamsInput } from '@kbn/osquery-plugin/common/api/fleet_wrapper/fleet_wrapper.gen'; -import { GetAgentsRequestQueryInput } from '@kbn/osquery-plugin/common/api/fleet_wrapper/fleet_wrapper.gen'; -import { OsqueryCreateLiveQueryRequestBodyInput } from '@kbn/osquery-plugin/common/api/live_query/live_queries.gen'; -import { OsqueryCreatePacksRequestBodyInput } from '@kbn/osquery-plugin/common/api/packs/packs.gen'; -import { OsqueryCreateSavedQueryRequestBodyInput } from '@kbn/osquery-plugin/common/api/saved_query/saved_query.gen'; -import { OsqueryDeletePacksRequestParamsInput } from '@kbn/osquery-plugin/common/api/packs/packs.gen'; -import { OsqueryDeleteSavedQueryRequestParamsInput } from '@kbn/osquery-plugin/common/api/saved_query/saved_query.gen'; -import { OsqueryFindLiveQueriesRequestQueryInput } from '@kbn/osquery-plugin/common/api/live_query/live_queries.gen'; -import { OsqueryFindPacksRequestQueryInput } from '@kbn/osquery-plugin/common/api/packs/packs.gen'; -import { OsqueryFindSavedQueriesRequestQueryInput } from '@kbn/osquery-plugin/common/api/saved_query/saved_query.gen'; -import { OsqueryGetLiveQueryDetailsRequestParamsInput } from '@kbn/osquery-plugin/common/api/live_query/live_queries.gen'; -import { +import type { GetAgentDetailsRequestParamsInput } from '@kbn/osquery-plugin/common/api/fleet_wrapper/fleet_wrapper.gen'; +import type { GetAgentPolicyRequestParamsInput } from '@kbn/osquery-plugin/common/api/fleet_wrapper/fleet_wrapper.gen'; +import type { GetAgentsRequestQueryInput } from '@kbn/osquery-plugin/common/api/fleet_wrapper/fleet_wrapper.gen'; +import type { OsqueryCreateLiveQueryRequestBodyInput } from '@kbn/osquery-plugin/common/api/live_query/live_queries.gen'; +import type { OsqueryCreatePacksRequestBodyInput } from '@kbn/osquery-plugin/common/api/packs/packs.gen'; +import type { OsqueryCreateSavedQueryRequestBodyInput } from '@kbn/osquery-plugin/common/api/saved_query/saved_query.gen'; +import type { OsqueryDeletePacksRequestParamsInput } from '@kbn/osquery-plugin/common/api/packs/packs.gen'; +import type { OsqueryDeleteSavedQueryRequestParamsInput } from '@kbn/osquery-plugin/common/api/saved_query/saved_query.gen'; +import type { OsqueryFindLiveQueriesRequestQueryInput } from '@kbn/osquery-plugin/common/api/live_query/live_queries.gen'; +import type { OsqueryFindPacksRequestQueryInput } from '@kbn/osquery-plugin/common/api/packs/packs.gen'; +import type { OsqueryFindSavedQueriesRequestQueryInput } from '@kbn/osquery-plugin/common/api/saved_query/saved_query.gen'; +import type { OsqueryGetLiveQueryDetailsRequestParamsInput } from '@kbn/osquery-plugin/common/api/live_query/live_queries.gen'; +import type { OsqueryGetLiveQueryResultsRequestQueryInput, OsqueryGetLiveQueryResultsRequestParamsInput, } from '@kbn/osquery-plugin/common/api/live_query/live_queries.gen'; -import { OsqueryGetPacksDetailsRequestParamsInput } from '@kbn/osquery-plugin/common/api/packs/packs.gen'; -import { OsqueryGetSavedQueryDetailsRequestParamsInput } from '@kbn/osquery-plugin/common/api/saved_query/saved_query.gen'; -import { +import type { OsqueryGetPacksDetailsRequestParamsInput } from '@kbn/osquery-plugin/common/api/packs/packs.gen'; +import type { OsqueryGetSavedQueryDetailsRequestParamsInput } from '@kbn/osquery-plugin/common/api/saved_query/saved_query.gen'; +import type { OsqueryUpdatePacksRequestParamsInput, OsqueryUpdatePacksRequestBodyInput, } from '@kbn/osquery-plugin/common/api/packs/packs.gen'; -import { +import type { OsqueryUpdateSavedQueryRequestParamsInput, OsqueryUpdateSavedQueryRequestBodyInput, } from '@kbn/osquery-plugin/common/api/saved_query/saved_query.gen'; -import { ReadAssetsStatusRequestQueryInput } from '@kbn/osquery-plugin/common/api/asset/assets.gen'; -import { UpdateAssetsStatusRequestQueryInput } from '@kbn/osquery-plugin/common/api/asset/assets.gen'; -import { routeWithNamespace } from '../../common/utils/security_solution'; -import { FtrProviderContext } from '../ftr_provider_context'; +import type { ReadAssetsStatusRequestQueryInput } from '@kbn/osquery-plugin/common/api/asset/assets.gen'; +import type { UpdateAssetsStatusRequestQueryInput } from '@kbn/osquery-plugin/common/api/asset/assets.gen'; + +import type { FtrProviderContext } from '@kbn/ftr-common-functional-services'; +import { getRouteUrlForSpace } from '@kbn/spaces-plugin/common'; export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) { const supertest = getService('supertest'); @@ -58,7 +61,7 @@ export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) getAgentDetails(props: GetAgentDetailsProps, kibanaSpace: string = 'default') { return supertest .get( - routeWithNamespace( + getRouteUrlForSpace( replaceParams('/internal/osquery/fleet_wrapper/agents/{id}', props.params), kibanaSpace ) @@ -69,14 +72,14 @@ export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) }, getAgentPackagePolicies(kibanaSpace: string = 'default') { return supertest - .get(routeWithNamespace('/internal/osquery/fleet_wrapper/package_policies', kibanaSpace)) + .get(getRouteUrlForSpace('/internal/osquery/fleet_wrapper/package_policies', kibanaSpace)) .set('kbn-xsrf', 'true') .set(ELASTIC_HTTP_VERSION_HEADER, '1') .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); }, getAgentPolicies(kibanaSpace: string = 'default') { return supertest - .get(routeWithNamespace('/internal/osquery/fleet_wrapper/agent_policies', kibanaSpace)) + .get(getRouteUrlForSpace('/internal/osquery/fleet_wrapper/agent_policies', kibanaSpace)) .set('kbn-xsrf', 'true') .set(ELASTIC_HTTP_VERSION_HEADER, '1') .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); @@ -84,7 +87,7 @@ export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) getAgentPolicy(props: GetAgentPolicyProps, kibanaSpace: string = 'default') { return supertest .get( - routeWithNamespace( + getRouteUrlForSpace( replaceParams('/internal/osquery/fleet_wrapper/agent_policies/{id}', props.params), kibanaSpace ) @@ -95,7 +98,7 @@ export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) }, getAgents(props: GetAgentsProps, kibanaSpace: string = 'default') { return supertest - .get(routeWithNamespace('/internal/osquery/fleet_wrapper/agents', kibanaSpace)) + .get(getRouteUrlForSpace('/internal/osquery/fleet_wrapper/agents', kibanaSpace)) .set('kbn-xsrf', 'true') .set(ELASTIC_HTTP_VERSION_HEADER, '1') .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') @@ -106,7 +109,7 @@ export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) */ osqueryCreateLiveQuery(props: OsqueryCreateLiveQueryProps, kibanaSpace: string = 'default') { return supertest - .post(routeWithNamespace('/api/osquery/live_queries', kibanaSpace)) + .post(getRouteUrlForSpace('/api/osquery/live_queries', kibanaSpace)) .set('kbn-xsrf', 'true') .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') @@ -117,7 +120,7 @@ export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) */ osqueryCreatePacks(props: OsqueryCreatePacksProps, kibanaSpace: string = 'default') { return supertest - .post(routeWithNamespace('/api/osquery/packs', kibanaSpace)) + .post(getRouteUrlForSpace('/api/osquery/packs', kibanaSpace)) .set('kbn-xsrf', 'true') .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') @@ -128,7 +131,7 @@ export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) */ osqueryCreateSavedQuery(props: OsqueryCreateSavedQueryProps, kibanaSpace: string = 'default') { return supertest - .post(routeWithNamespace('/api/osquery/saved_queries', kibanaSpace)) + .post(getRouteUrlForSpace('/api/osquery/saved_queries', kibanaSpace)) .set('kbn-xsrf', 'true') .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') @@ -140,7 +143,7 @@ export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) osqueryDeletePacks(props: OsqueryDeletePacksProps, kibanaSpace: string = 'default') { return supertest .delete( - routeWithNamespace(replaceParams('/api/osquery/packs/{id}', props.params), kibanaSpace) + getRouteUrlForSpace(replaceParams('/api/osquery/packs/{id}', props.params), kibanaSpace) ) .set('kbn-xsrf', 'true') .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') @@ -152,7 +155,7 @@ export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) osqueryDeleteSavedQuery(props: OsqueryDeleteSavedQueryProps, kibanaSpace: string = 'default') { return supertest .delete( - routeWithNamespace( + getRouteUrlForSpace( replaceParams('/api/osquery/saved_queries/{id}', props.params), kibanaSpace ) @@ -166,7 +169,7 @@ export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) */ osqueryFindLiveQueries(props: OsqueryFindLiveQueriesProps, kibanaSpace: string = 'default') { return supertest - .get(routeWithNamespace('/api/osquery/live_queries', kibanaSpace)) + .get(getRouteUrlForSpace('/api/osquery/live_queries', kibanaSpace)) .set('kbn-xsrf', 'true') .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') @@ -177,7 +180,7 @@ export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) */ osqueryFindPacks(props: OsqueryFindPacksProps, kibanaSpace: string = 'default') { return supertest - .get(routeWithNamespace('/api/osquery/packs', kibanaSpace)) + .get(getRouteUrlForSpace('/api/osquery/packs', kibanaSpace)) .set('kbn-xsrf', 'true') .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') @@ -188,7 +191,7 @@ export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) */ osqueryFindSavedQueries(props: OsqueryFindSavedQueriesProps, kibanaSpace: string = 'default') { return supertest - .get(routeWithNamespace('/api/osquery/saved_queries', kibanaSpace)) + .get(getRouteUrlForSpace('/api/osquery/saved_queries', kibanaSpace)) .set('kbn-xsrf', 'true') .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') @@ -203,7 +206,7 @@ export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) ) { return supertest .get( - routeWithNamespace( + getRouteUrlForSpace( replaceParams('/api/osquery/live_queries/{id}', props.params), kibanaSpace ) @@ -221,7 +224,7 @@ export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) ) { return supertest .get( - routeWithNamespace( + getRouteUrlForSpace( replaceParams('/api/osquery/live_queries/{id}/results/{actionId}', props.params), kibanaSpace ) @@ -237,7 +240,7 @@ export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) osqueryGetPacksDetails(props: OsqueryGetPacksDetailsProps, kibanaSpace: string = 'default') { return supertest .get( - routeWithNamespace(replaceParams('/api/osquery/packs/{id}', props.params), kibanaSpace) + getRouteUrlForSpace(replaceParams('/api/osquery/packs/{id}', props.params), kibanaSpace) ) .set('kbn-xsrf', 'true') .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') @@ -252,7 +255,7 @@ export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) ) { return supertest .get( - routeWithNamespace( + getRouteUrlForSpace( replaceParams('/api/osquery/saved_queries/{id}', props.params), kibanaSpace ) @@ -270,7 +273,7 @@ export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) osqueryUpdatePacks(props: OsqueryUpdatePacksProps, kibanaSpace: string = 'default') { return supertest .put( - routeWithNamespace(replaceParams('/api/osquery/packs/{id}', props.params), kibanaSpace) + getRouteUrlForSpace(replaceParams('/api/osquery/packs/{id}', props.params), kibanaSpace) ) .set('kbn-xsrf', 'true') .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') @@ -286,7 +289,7 @@ export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) osqueryUpdateSavedQuery(props: OsqueryUpdateSavedQueryProps, kibanaSpace: string = 'default') { return supertest .put( - routeWithNamespace( + getRouteUrlForSpace( replaceParams('/api/osquery/saved_queries/{id}', props.params), kibanaSpace ) @@ -298,7 +301,7 @@ export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) }, readAssetsStatus(props: ReadAssetsStatusProps, kibanaSpace: string = 'default') { return supertest - .get(routeWithNamespace('/internal/osquery/assets', kibanaSpace)) + .get(getRouteUrlForSpace('/internal/osquery/assets', kibanaSpace)) .set('kbn-xsrf', 'true') .set(ELASTIC_HTTP_VERSION_HEADER, '1') .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') @@ -306,21 +309,21 @@ export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) }, readInstallationStatus(kibanaSpace: string = 'default') { return supertest - .get(routeWithNamespace('/internal/osquery/status', kibanaSpace)) + .get(getRouteUrlForSpace('/internal/osquery/status', kibanaSpace)) .set('kbn-xsrf', 'true') .set(ELASTIC_HTTP_VERSION_HEADER, '1') .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); }, readPrivilegesCheck(kibanaSpace: string = 'default') { return supertest - .get(routeWithNamespace('/internal/osquery/privileges_check', kibanaSpace)) + .get(getRouteUrlForSpace('/internal/osquery/privileges_check', kibanaSpace)) .set('kbn-xsrf', 'true') .set(ELASTIC_HTTP_VERSION_HEADER, '1') .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); }, updateAssetsStatus(props: UpdateAssetsStatusProps, kibanaSpace: string = 'default') { return supertest - .post(routeWithNamespace('/internal/osquery/assets/update', kibanaSpace)) + .post(getRouteUrlForSpace('/internal/osquery/assets/update', kibanaSpace)) .set('kbn-xsrf', 'true') .set(ELASTIC_HTTP_VERSION_HEADER, '1') .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') diff --git a/x-pack/solutions/security/packages/test-api-clients/supertest/timelines.gen.ts b/x-pack/solutions/security/packages/test-api-clients/supertest/timelines.gen.ts new file mode 100644 index 0000000000000..e6e505f7634a2 --- /dev/null +++ b/x-pack/solutions/security/packages/test-api-clients/supertest/timelines.gen.ts @@ -0,0 +1,296 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +/* + * NOTICE: Do not edit this file manually. + * This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator. + * + * info: + * title: Timelines API client for tests + * version: Bundle (no version) + */ + +import { + ELASTIC_HTTP_VERSION_HEADER, + X_ELASTIC_INTERNAL_ORIGIN_REQUEST, +} from '@kbn/core-http-common'; + +import type { CleanDraftTimelinesRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/clean_draft_timelines/clean_draft_timelines_route.gen'; +import type { CopyTimelineRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/copy_timeline/copy_timeline_route.gen'; +import type { CreateTimelinesRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/create_timelines/create_timelines_route.gen'; +import type { DeleteNoteRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/delete_note/delete_note_route.gen'; +import type { DeleteTimelinesRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/delete_timelines/delete_timelines_route.gen'; +import type { + ExportTimelinesRequestQueryInput, + ExportTimelinesRequestBodyInput, +} from '@kbn/security-solution-plugin/common/api/timeline/export_timelines/export_timelines_route.gen'; +import type { GetDraftTimelinesRequestQueryInput } from '@kbn/security-solution-plugin/common/api/timeline/get_draft_timelines/get_draft_timelines_route.gen'; +import type { GetNotesRequestQueryInput } from '@kbn/security-solution-plugin/common/api/timeline/get_notes/get_notes_route.gen'; +import type { GetTimelineRequestQueryInput } from '@kbn/security-solution-plugin/common/api/timeline/get_timeline/get_timeline_route.gen'; +import type { GetTimelinesRequestQueryInput } from '@kbn/security-solution-plugin/common/api/timeline/get_timelines/get_timelines_route.gen'; +import type { ImportTimelinesRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/import_timelines/import_timelines_route.gen'; +import type { InstallPrepackedTimelinesRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/install_prepackaged_timelines/install_prepackaged_timelines_route.gen'; +import type { PatchTimelineRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/patch_timelines/patch_timeline_route.gen'; +import type { PersistFavoriteRouteRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/persist_favorite/persist_favorite_route.gen'; +import type { PersistNoteRouteRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/persist_note/persist_note_route.gen'; +import type { PersistPinnedEventRouteRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/pinned_events/pinned_events_route.gen'; +import type { ResolveTimelineRequestQueryInput } from '@kbn/security-solution-plugin/common/api/timeline/resolve_timeline/resolve_timeline_route.gen'; + +import type { FtrProviderContext } from '@kbn/ftr-common-functional-services'; +import { getRouteUrlForSpace } from '@kbn/spaces-plugin/common'; + +export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) { + const supertest = getService('supertest'); + + return { + /** + * Create a clean draft Timeline or Timeline template for the current user. +> info +> If the user already has a draft Timeline, the existing draft Timeline is cleared and returned. + + */ + cleanDraftTimelines(props: CleanDraftTimelinesProps, kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/api/timeline/_draft', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Copies and returns a timeline or timeline template. + + */ + copyTimeline(props: CopyTimelineProps, kibanaSpace: string = 'default') { + return supertest + .get(getRouteUrlForSpace('/api/timeline/_copy', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Create a new Timeline or Timeline template. + */ + createTimelines(props: CreateTimelinesProps, kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/api/timeline', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Delete a note from a Timeline using the note ID. + */ + deleteNote(props: DeleteNoteProps, kibanaSpace: string = 'default') { + return supertest + .delete(getRouteUrlForSpace('/api/note', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Delete one or more Timelines or Timeline templates. + */ + deleteTimelines(props: DeleteTimelinesProps, kibanaSpace: string = 'default') { + return supertest + .delete(getRouteUrlForSpace('/api/timeline', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Export Timelines as an NDJSON file. + */ + exportTimelines(props: ExportTimelinesProps, kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/api/timeline/_export', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object) + .query(props.query); + }, + /** + * Get the details of the draft Timeline or Timeline template for the current user. If the user doesn't have a draft Timeline, an empty Timeline is returned. + */ + getDraftTimelines(props: GetDraftTimelinesProps, kibanaSpace: string = 'default') { + return supertest + .get(getRouteUrlForSpace('/api/timeline/_draft', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .query(props.query); + }, + /** + * Get all notes for a given document. + */ + getNotes(props: GetNotesProps, kibanaSpace: string = 'default') { + return supertest + .get(getRouteUrlForSpace('/api/note', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .query(props.query); + }, + /** + * Get the details of an existing saved Timeline or Timeline template. + */ + getTimeline(props: GetTimelineProps, kibanaSpace: string = 'default') { + return supertest + .get(getRouteUrlForSpace('/api/timeline', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .query(props.query); + }, + /** + * Get a list of all saved Timelines or Timeline templates. + */ + getTimelines(props: GetTimelinesProps, kibanaSpace: string = 'default') { + return supertest + .get(getRouteUrlForSpace('/api/timelines', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .query(props.query); + }, + /** + * Import Timelines. + */ + importTimelines(props: ImportTimelinesProps, kibanaSpace: string = 'default') { + return supertest + .post(getRouteUrlForSpace('/api/timeline/_import', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Install or update prepackaged Timelines. + */ + installPrepackedTimelines( + props: InstallPrepackedTimelinesProps, + kibanaSpace: string = 'default' + ) { + return supertest + .post(getRouteUrlForSpace('/api/timeline/_prepackaged', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Update an existing Timeline. You can update the title, description, date range, pinned events, pinned queries, and/or pinned saved queries of an existing Timeline. + */ + patchTimeline(props: PatchTimelineProps, kibanaSpace: string = 'default') { + return supertest + .patch(getRouteUrlForSpace('/api/timeline', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Favorite a Timeline or Timeline template for the current user. + */ + persistFavoriteRoute(props: PersistFavoriteRouteProps, kibanaSpace: string = 'default') { + return supertest + .patch(getRouteUrlForSpace('/api/timeline/_favorite', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Add a note to a Timeline or update an existing note. + */ + persistNoteRoute(props: PersistNoteRouteProps, kibanaSpace: string = 'default') { + return supertest + .patch(getRouteUrlForSpace('/api/note', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + /** + * Pin/unpin an event to/from an existing Timeline. + */ + persistPinnedEventRoute(props: PersistPinnedEventRouteProps, kibanaSpace: string = 'default') { + return supertest + .patch(getRouteUrlForSpace('/api/pinned_event', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .send(props.body as object); + }, + resolveTimeline(props: ResolveTimelineProps, kibanaSpace: string = 'default') { + return supertest + .get(getRouteUrlForSpace('/api/timeline/resolve', kibanaSpace)) + .set('kbn-xsrf', 'true') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') + .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') + .query(props.query); + }, + }; +} + +export interface CleanDraftTimelinesProps { + body: CleanDraftTimelinesRequestBodyInput; +} +export interface CopyTimelineProps { + body: CopyTimelineRequestBodyInput; +} +export interface CreateTimelinesProps { + body: CreateTimelinesRequestBodyInput; +} +export interface DeleteNoteProps { + body: DeleteNoteRequestBodyInput; +} +export interface DeleteTimelinesProps { + body: DeleteTimelinesRequestBodyInput; +} +export interface ExportTimelinesProps { + query: ExportTimelinesRequestQueryInput; + body: ExportTimelinesRequestBodyInput; +} +export interface GetDraftTimelinesProps { + query: GetDraftTimelinesRequestQueryInput; +} +export interface GetNotesProps { + query: GetNotesRequestQueryInput; +} +export interface GetTimelineProps { + query: GetTimelineRequestQueryInput; +} +export interface GetTimelinesProps { + query: GetTimelinesRequestQueryInput; +} +export interface ImportTimelinesProps { + body: ImportTimelinesRequestBodyInput; +} +export interface InstallPrepackedTimelinesProps { + body: InstallPrepackedTimelinesRequestBodyInput; +} +export interface PatchTimelineProps { + body: PatchTimelineRequestBodyInput; +} +export interface PersistFavoriteRouteProps { + body: PersistFavoriteRouteRequestBodyInput; +} +export interface PersistNoteRouteProps { + body: PersistNoteRouteRequestBodyInput; +} +export interface PersistPinnedEventRouteProps { + body: PersistPinnedEventRouteRequestBodyInput; +} +export interface ResolveTimelineProps { + query: ResolveTimelineRequestQueryInput; +} diff --git a/x-pack/solutions/security/packages/test-api-clients/tsconfig.json b/x-pack/solutions/security/packages/test-api-clients/tsconfig.json new file mode 100644 index 0000000000000..d67b71f66b098 --- /dev/null +++ b/x-pack/solutions/security/packages/test-api-clients/tsconfig.json @@ -0,0 +1,27 @@ +{ + "extends": "../../../../../tsconfig.base.json", + "compilerOptions": { + "outDir": "target/types", + "types": [ + "jest", + "node" + ] + }, + "include": [ + "**/*.ts", + ], + "exclude": [ + "target/**/*" + ], + "kbn_references": [ + "@kbn/core-http-common", + "@kbn/openapi-common", + "@kbn/security-solution-plugin", + "@kbn/ftr-common-functional-services", + "@kbn/securitysolution-endpoint-exceptions-common", + "@kbn/securitysolution-exceptions-common", + "@kbn/securitysolution-lists-common", + "@kbn/osquery-plugin", + "@kbn/spaces-plugin" + ] +} diff --git a/x-pack/solutions/security/plugins/security_solution/scripts/openapi/generate.js b/x-pack/solutions/security/plugins/security_solution/scripts/openapi/generate.js index 8192f7ca6131f..98bc43693a646 100644 --- a/x-pack/solutions/security/plugins/security_solution/scripts/openapi/generate.js +++ b/x-pack/solutions/security/plugins/security_solution/scripts/openapi/generate.js @@ -23,13 +23,58 @@ const SECURITY_SOLUTION_ROOT = resolve(__dirname, '../..'); }); await generate({ - title: 'API client for tests', + title: 'Detections API client for tests', rootDir: SECURITY_SOLUTION_ROOT, - sourceGlob: './common/**/*.schema.yaml', + sourceGlob: join(SECURITY_SOLUTION_ROOT, 'common/api/detection_engine/**/*.schema.yaml'), templateName: 'api_client_supertest', skipLinting: true, bundle: { - outFile: join(REPO_ROOT, 'x-pack/test/api_integration/services/security_solution_api.gen.ts'), + outFile: join( + REPO_ROOT, + 'x-pack/solutions/security/packages/test-api-clients/supertest/detections.gen.ts' + ), + }, + }); + + await generate({ + title: 'Endpoint Management API client for tests', + rootDir: SECURITY_SOLUTION_ROOT, + sourceGlob: join(SECURITY_SOLUTION_ROOT, 'common/api/endpoint/**/*.schema.yaml'), + templateName: 'api_client_supertest', + skipLinting: true, + bundle: { + outFile: join( + REPO_ROOT, + 'x-pack/solutions/security/packages/test-api-clients/supertest/endpoint_management.gen.ts' + ), + }, + }); + + await generate({ + title: 'Entity Analytics API client for tests', + rootDir: SECURITY_SOLUTION_ROOT, + sourceGlob: join(SECURITY_SOLUTION_ROOT, 'common/api/entity_analytics/**/*.schema.yaml'), + templateName: 'api_client_supertest', + skipLinting: true, + bundle: { + outFile: join( + REPO_ROOT, + 'x-pack/solutions/security/packages/test-api-clients/supertest/entity_analytics.gen.ts' + ), + }, + }); + + await generate({ + title: 'Timelines API client for tests', + rootDir: SECURITY_SOLUTION_ROOT, + sourceGlob: join(SECURITY_SOLUTION_ROOT, 'common/api/timeline/**/*.schema.yaml'), + templateName: 'api_client_supertest', + skipLinting: true, + bundle: { + outFile: join( + REPO_ROOT, + 'x-pack/solutions/security/packages/test-api-clients/supertest/timelines.gen.ts' + ), }, }); diff --git a/x-pack/test/api_integration/services/index.ts b/x-pack/test/api_integration/services/index.ts index 28ef56efb937b..44c992fd594f2 100644 --- a/x-pack/test/api_integration/services/index.ts +++ b/x-pack/test/api_integration/services/index.ts @@ -5,6 +5,9 @@ * 2.0. */ +import { SecuritySolutionApiProvider as DetectionsApiProvider } from '@kbn/security-solution-test-api-clients/supertest/detections.gen'; +import { SecuritySolutionApiProvider as EntityAnalyticsApiProvider } from '@kbn/security-solution-test-api-clients/supertest/entity_analytics.gen'; +import { SecuritySolutionApiProvider as ExceptionsApiProvider } from '@kbn/security-solution-test-api-clients/supertest/exceptions.gen'; import { services as kibanaApiIntegrationServices } from '@kbn/test-suites-src/api_integration/services'; import { services as commonServices } from '../../common/services'; @@ -22,9 +25,7 @@ import { IngestPipelinesProvider } from './ingest_pipelines'; import { IndexManagementProvider } from './index_management'; import { DataViewApiProvider } from './data_view_api'; import { SloApiProvider } from './slo'; -import { SecuritySolutionApiProvider } from './security_solution_api.gen'; import { FleetAndAgents } from './fleet_and_agents'; -import { SecuritySolutionApiProvider as SecuritySolutionExceptionsApiProvider } from './security_solution_exceptions_api.gen'; export const services = { ...commonServices, @@ -43,7 +44,8 @@ export const services = { ingestPipelines: IngestPipelinesProvider, indexManagement: IndexManagementProvider, slo: SloApiProvider, - securitySolutionApi: SecuritySolutionApiProvider, fleetAndAgents: FleetAndAgents, - securitySolutionExceptionsApi: SecuritySolutionExceptionsApiProvider, + detectionsApi: DetectionsApiProvider, + entityAnalyticsApi: EntityAnalyticsApiProvider, + exceptionsApi: ExceptionsApiProvider, }; diff --git a/x-pack/test/api_integration/services/security_solution_api.gen.ts b/x-pack/test/api_integration/services/security_solution_api.gen.ts deleted file mode 100644 index 44923b6204b23..0000000000000 --- a/x-pack/test/api_integration/services/security_solution_api.gen.ts +++ /dev/null @@ -1,2145 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -/* - * NOTICE: Do not edit this file manually. - * This file is automatically generated by the OpenAPI Generator, @kbn/openapi-generator. - * - * info: - * title: API client for tests - * version: Bundle (no version) - */ - -import { - ELASTIC_HTTP_VERSION_HEADER, - X_ELASTIC_INTERNAL_ORIGIN_REQUEST, -} from '@kbn/core-http-common'; -import { replaceParams } from '@kbn/openapi-common/shared'; - -import { AlertsMigrationCleanupRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/signals_migration/delete_signals_migration/delete_signals_migration.gen'; -import { BulkCreateRulesRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/bulk_crud/bulk_create_rules/bulk_create_rules_route.gen'; -import { BulkDeleteRulesRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/bulk_crud/bulk_delete_rules/bulk_delete_rules_route.gen'; -import { BulkDeleteRulesPostRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/bulk_crud/bulk_delete_rules/bulk_delete_rules_route.gen'; -import { BulkPatchRulesRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/bulk_crud/bulk_patch_rules/bulk_patch_rules_route.gen'; -import { BulkUpdateRulesRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/bulk_crud/bulk_update_rules/bulk_update_rules_route.gen'; -import { BulkUpsertAssetCriticalityRecordsRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/asset_criticality/bulk_upload_asset_criticality.gen'; -import { CleanDraftTimelinesRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/clean_draft_timelines/clean_draft_timelines_route.gen'; -import { ConfigureRiskEngineSavedObjectRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/risk_engine/engine_configure_saved_object_route.gen'; -import { CopyTimelineRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/copy_timeline/copy_timeline_route.gen'; -import { CreateAlertsMigrationRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/signals_migration/create_signals_migration/create_signals_migration.gen'; -import { CreateAssetCriticalityRecordRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/asset_criticality/create_asset_criticality.gen'; -import { CreateRuleRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/crud/create_rule/create_rule_route.gen'; -import { - CreateRuleMigrationRequestParamsInput, - CreateRuleMigrationRequestBodyInput, -} from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen'; -import { CreateTimelinesRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/create_timelines/create_timelines_route.gen'; -import { - CreateUpdateProtectionUpdatesNoteRequestParamsInput, - CreateUpdateProtectionUpdatesNoteRequestBodyInput, -} from '@kbn/security-solution-plugin/common/api/endpoint/protection_updates_note/protection_updates_note.gen'; -import { DeleteAssetCriticalityRecordRequestQueryInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/asset_criticality/delete_asset_criticality.gen'; -import { - DeleteEntityEngineRequestQueryInput, - DeleteEntityEngineRequestParamsInput, -} from '@kbn/security-solution-plugin/common/api/entity_analytics/entity_store/engine/delete.gen'; -import { DeleteNoteRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/delete_note/delete_note_route.gen'; -import { DeleteRuleRequestQueryInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/crud/delete_rule/delete_rule_route.gen'; -import { DeleteTimelinesRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/delete_timelines/delete_timelines_route.gen'; -import { DeprecatedTriggerRiskScoreCalculationRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/risk_engine/entity_calculation_route.gen'; -import { EndpointExecuteActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/execute/execute.gen'; -import { EndpointFileDownloadRequestParamsInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/file_download/file_download.gen'; -import { EndpointFileInfoRequestParamsInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/file_info/file_info.gen'; -import { EndpointGetActionsDetailsRequestParamsInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/details/details.gen'; -import { EndpointGetActionsListRequestQueryInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/list/list.gen'; -import { EndpointGetActionsStatusRequestQueryInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/status/status.gen'; -import { EndpointGetFileActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/get_file/get_file.gen'; -import { EndpointGetProcessesActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/running_procs/running_procs.gen'; -import { EndpointIsolateActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/isolate/isolate.gen'; -import { EndpointIsolateRedirectRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/isolate/deprecated_isolate.gen'; -import { EndpointKillProcessActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/kill_process/kill_process.gen'; -import { EndpointScanActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/scan/scan.gen'; -import { EndpointSuspendProcessActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/suspend_process/suspend_process.gen'; -import { EndpointUnisolateActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/unisolate/unisolate.gen'; -import { EndpointUnisolateRedirectRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/unisolate/deprecated_unisolate.gen'; -import { - ExportRulesRequestQueryInput, - ExportRulesRequestBodyInput, -} from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/export_rules/export_rules_route.gen'; -import { - ExportTimelinesRequestQueryInput, - ExportTimelinesRequestBodyInput, -} from '@kbn/security-solution-plugin/common/api/timeline/export_timelines/export_timelines_route.gen'; -import { FinalizeAlertsMigrationRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/signals_migration/finalize_signals_migration/finalize_signals_migration.gen'; -import { FindAssetCriticalityRecordsRequestQueryInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/asset_criticality/list_asset_criticality.gen'; -import { FindRulesRequestQueryInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/find_rules/find_rules_route.gen'; -import { GetAgentPolicySummaryRequestQueryInput } from '@kbn/security-solution-plugin/common/api/endpoint/policy/deprecated_agent_policy_summary.gen'; -import { GetAssetCriticalityRecordRequestQueryInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/asset_criticality/get_asset_criticality.gen'; -import { GetDraftTimelinesRequestQueryInput } from '@kbn/security-solution-plugin/common/api/timeline/get_draft_timelines/get_draft_timelines_route.gen'; -import { GetEndpointMetadataListRequestQueryInput } from '@kbn/security-solution-plugin/common/api/endpoint/metadata/get_metadata.gen'; -import { - GetEndpointSuggestionsRequestParamsInput, - GetEndpointSuggestionsRequestBodyInput, -} from '@kbn/security-solution-plugin/common/api/endpoint/suggestions/get_suggestions.gen'; -import { GetEntityEngineRequestParamsInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/entity_store/engine/get.gen'; -import { GetEntityStoreStatusRequestQueryInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/entity_store/status.gen'; -import { GetNotesRequestQueryInput } from '@kbn/security-solution-plugin/common/api/timeline/get_notes/get_notes_route.gen'; -import { GetPolicyResponseRequestQueryInput } from '@kbn/security-solution-plugin/common/api/endpoint/policy/policy_response.gen'; -import { GetProtectionUpdatesNoteRequestParamsInput } from '@kbn/security-solution-plugin/common/api/endpoint/protection_updates_note/protection_updates_note.gen'; -import { - GetRuleExecutionEventsRequestQueryInput, - GetRuleExecutionEventsRequestParamsInput, -} from '@kbn/security-solution-plugin/common/api/detection_engine/rule_monitoring/rule_execution_logs/get_rule_execution_events/get_rule_execution_events_route.gen'; -import { - GetRuleExecutionResultsRequestQueryInput, - GetRuleExecutionResultsRequestParamsInput, -} from '@kbn/security-solution-plugin/common/api/detection_engine/rule_monitoring/rule_execution_logs/get_rule_execution_results/get_rule_execution_results_route.gen'; -import { - GetRuleMigrationRequestQueryInput, - GetRuleMigrationRequestParamsInput, -} from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen'; -import { GetRuleMigrationPrebuiltRulesRequestParamsInput } from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen'; -import { - GetRuleMigrationResourcesRequestQueryInput, - GetRuleMigrationResourcesRequestParamsInput, -} from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen'; -import { GetRuleMigrationResourcesMissingRequestParamsInput } from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen'; -import { GetRuleMigrationStatsRequestParamsInput } from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen'; -import { GetRuleMigrationTranslationStatsRequestParamsInput } from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen'; -import { GetTimelineRequestQueryInput } from '@kbn/security-solution-plugin/common/api/timeline/get_timeline/get_timeline_route.gen'; -import { GetTimelinesRequestQueryInput } from '@kbn/security-solution-plugin/common/api/timeline/get_timelines/get_timelines_route.gen'; -import { GetWorkflowInsightsRequestQueryInput } from '@kbn/security-solution-plugin/common/api/endpoint/workflow_insights/workflow_insights.gen'; -import { ImportRulesRequestQueryInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/import_rules/import_rules_route.gen'; -import { ImportTimelinesRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/import_timelines/import_timelines_route.gen'; -import { - InitEntityEngineRequestParamsInput, - InitEntityEngineRequestBodyInput, -} from '@kbn/security-solution-plugin/common/api/entity_analytics/entity_store/engine/init.gen'; -import { InitEntityStoreRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/entity_store/enable.gen'; -import { - InstallMigrationRulesRequestParamsInput, - InstallMigrationRulesRequestBodyInput, -} from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen'; -import { InstallPrepackedTimelinesRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/install_prepackaged_timelines/install_prepackaged_timelines_route.gen'; -import { ListEntitiesRequestQueryInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/entity_store/entities/list_entities.gen'; -import { PatchRuleRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/crud/patch_rule/patch_rule_route.gen'; -import { PatchTimelineRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/patch_timelines/patch_timeline_route.gen'; -import { - PerformRulesBulkActionRequestQueryInput, - PerformRulesBulkActionRequestBodyInput, -} from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/bulk_actions/bulk_actions_route.gen'; -import { PersistFavoriteRouteRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/persist_favorite/persist_favorite_route.gen'; -import { PersistNoteRouteRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/persist_note/persist_note_route.gen'; -import { PersistPinnedEventRouteRequestBodyInput } from '@kbn/security-solution-plugin/common/api/timeline/pinned_events/pinned_events_route.gen'; -import { PreviewRiskScoreRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/risk_engine/preview_route.gen'; -import { ReadAlertsMigrationStatusRequestQueryInput } from '@kbn/security-solution-plugin/common/api/detection_engine/signals_migration/read_signals_migration_status/read_signals_migration_status.gen'; -import { ReadRuleRequestQueryInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/crud/read_rule/read_rule_route.gen'; -import { ResolveTimelineRequestQueryInput } from '@kbn/security-solution-plugin/common/api/timeline/resolve_timeline/resolve_timeline_route.gen'; -import { - RulePreviewRequestQueryInput, - RulePreviewRequestBodyInput, -} from '@kbn/security-solution-plugin/common/api/detection_engine/rule_preview/rule_preview.gen'; -import { RunScriptActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/run_script/run_script.gen'; -import { SearchAlertsRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/signals/query_signals/query_signals_route.gen'; -import { SetAlertAssigneesRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/alert_assignees/set_alert_assignees_route.gen'; -import { SetAlertsStatusRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/signals/set_signal_status/set_signals_status_route.gen'; -import { SetAlertTagsRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/alert_tags/set_alert_tags/set_alert_tags.gen'; -import { StartEntityEngineRequestParamsInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/entity_store/engine/start.gen'; -import { - StartRuleMigrationRequestParamsInput, - StartRuleMigrationRequestBodyInput, -} from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen'; -import { StopEntityEngineRequestParamsInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/entity_store/engine/stop.gen'; -import { StopRuleMigrationRequestParamsInput } from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen'; -import { SuggestUserProfilesRequestQueryInput } from '@kbn/security-solution-plugin/common/api/detection_engine/users/suggest_user_profiles_route.gen'; -import { TriggerRiskScoreCalculationRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/risk_engine/entity_calculation_route.gen'; -import { UpdateRuleRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/crud/update_rule/update_rule_route.gen'; -import { - UpdateRuleMigrationRequestParamsInput, - UpdateRuleMigrationRequestBodyInput, -} from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen'; -import { - UpdateWorkflowInsightRequestParamsInput, - UpdateWorkflowInsightRequestBodyInput, -} from '@kbn/security-solution-plugin/common/api/endpoint/workflow_insights/workflow_insights.gen'; -import { - UpsertRuleMigrationResourcesRequestParamsInput, - UpsertRuleMigrationResourcesRequestBodyInput, -} from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen'; -import { routeWithNamespace } from '../../common/utils/security_solution'; -import { FtrProviderContext } from '../ftr_provider_context'; - -export function SecuritySolutionApiProvider({ getService }: FtrProviderContext) { - const supertest = getService('supertest'); - - return { - /** - * Migrations favor data integrity over shard size. Consequently, unused or orphaned indices are artifacts of -the migration process. A successful migration will result in both the old and new indices being present. -As such, the old, orphaned index can (and likely should) be deleted. - -While you can delete these indices manually, -the endpoint accomplishes this task by applying a deletion policy to the relevant index, causing it to be deleted -after 30 days. It also deletes other artifacts specific to the migration implementation. - - */ - alertsMigrationCleanup(props: AlertsMigrationCleanupProps, kibanaSpace: string = 'default') { - return supertest - .delete(routeWithNamespace('/api/detection_engine/signals/migration', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - applyEntityEngineDataviewIndices(kibanaSpace: string = 'default') { - return supertest - .post(routeWithNamespace('/api/entity_store/engines/apply_dataview_indices', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - assetCriticalityGetPrivileges(kibanaSpace: string = 'default') { - return supertest - .get(routeWithNamespace('/internal/asset_criticality/privileges', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Ensures that the packages needed for prebuilt detection rules to work are installed and up to date - */ - bootstrapPrebuiltRules(kibanaSpace: string = 'default') { - return supertest - .post( - routeWithNamespace('/internal/detection_engine/prebuilt_rules/_bootstrap', kibanaSpace) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Create new detection rules in bulk. -> warn -> This API is deprecated and will be removed in Kibana v9.0. - -> warn -> When used with [API key](https://www.elastic.co/guide/en/kibana/current/api-keys.html) authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running. - -> If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change. - - */ - bulkCreateRules(props: BulkCreateRulesProps, kibanaSpace: string = 'default') { - return supertest - .post(routeWithNamespace('/api/detection_engine/rules/_bulk_create', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Delete detection rules in bulk. -> warn -> This API is deprecated and will be removed in Kibana v9.0. - - */ - bulkDeleteRules(props: BulkDeleteRulesProps, kibanaSpace: string = 'default') { - return supertest - .delete(routeWithNamespace('/api/detection_engine/rules/_bulk_delete', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Delete detection rules in bulk. -> warn -> This API is deprecated and will be removed in Kibana v9.0. - - */ - bulkDeleteRulesPost(props: BulkDeleteRulesPostProps, kibanaSpace: string = 'default') { - return supertest - .post(routeWithNamespace('/api/detection_engine/rules/_bulk_delete', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Update specific fields of existing detection rules using the `rule_id` or `id` field. -> warn -> This API is deprecated and will be removed in Kibana v9.0. - -> warn -> When used with [API key](https://www.elastic.co/guide/en/kibana/current/api-keys.html) authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running. - -> If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change. - - */ - bulkPatchRules(props: BulkPatchRulesProps, kibanaSpace: string = 'default') { - return supertest - .patch(routeWithNamespace('/api/detection_engine/rules/_bulk_update', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Update multiple detection rules using the `rule_id` or `id` field. The original rules are replaced, and all unspecified fields are deleted. -> warn -> This API is deprecated and will be removed in Kibana v9.0. - -> warn -> When used with [API key](https://www.elastic.co/guide/en/kibana/current/api-keys.html) authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running. - -> If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change. - - */ - bulkUpdateRules(props: BulkUpdateRulesProps, kibanaSpace: string = 'default') { - return supertest - .put(routeWithNamespace('/api/detection_engine/rules/_bulk_update', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Bulk upsert up to 1000 asset criticality records. - -If asset criticality records already exist for the specified entities, those records are overwritten with the specified values. If asset criticality records don't exist for the specified entities, new records are created. - - */ - bulkUpsertAssetCriticalityRecords( - props: BulkUpsertAssetCriticalityRecordsProps, - kibanaSpace: string = 'default' - ) { - return supertest - .post(routeWithNamespace('/api/asset_criticality/bulk', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Create a clean draft Timeline or Timeline template for the current user. -> info -> If the user already has a draft Timeline, the existing draft Timeline is cleared and returned. - - */ - cleanDraftTimelines(props: CleanDraftTimelinesProps, kibanaSpace: string = 'default') { - return supertest - .post(routeWithNamespace('/api/timeline/_draft', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Cleaning up the the Risk Engine by removing the indices, mapping and transforms - */ - cleanUpRiskEngine(kibanaSpace: string = 'default') { - return supertest - .delete(routeWithNamespace('/api/risk_score/engine/dangerously_delete_data', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Configuring the Risk Engine Saved Object - */ - configureRiskEngineSavedObject( - props: ConfigureRiskEngineSavedObjectProps, - kibanaSpace: string = 'default' - ) { - return supertest - .patch(routeWithNamespace('/api/risk_score/engine/saved_object/configure', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Copies and returns a timeline or timeline template. - - */ - copyTimeline(props: CopyTimelineProps, kibanaSpace: string = 'default') { - return supertest - .get(routeWithNamespace('/api/timeline/_copy', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - createAlertsIndex(kibanaSpace: string = 'default') { - return supertest - .post(routeWithNamespace('/api/detection_engine/index', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Initiate a migration of detection alerts. -Migrations are initiated per index. While the process is neither destructive nor interferes with existing data, it may be resource-intensive. As such, it is recommended that you plan your migrations accordingly. - - */ - createAlertsMigration(props: CreateAlertsMigrationProps, kibanaSpace: string = 'default') { - return supertest - .post(routeWithNamespace('/api/detection_engine/signals/migration', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Create or update an asset criticality record for a specific entity. - -If a record already exists for the specified entity, that record is overwritten with the specified value. If a record doesn't exist for the specified entity, a new record is created. - - */ - createAssetCriticalityRecord( - props: CreateAssetCriticalityRecordProps, - kibanaSpace: string = 'default' - ) { - return supertest - .post(routeWithNamespace('/api/asset_criticality', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Create a new detection rule. -> warn -> When used with [API key](https://www.elastic.co/guide/en/kibana/current/api-keys.html) authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running. - -> If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change. - -You can create the following types of rules: - -* **Custom query**: Searches the defined indices and creates an alert when a document matches the rule's KQL query. -* **Event correlation**: Searches the defined indices and creates an alert when results match an [Event Query Language (EQL)](https://www.elastic.co/guide/en/elasticsearch/reference/current/eql.html) query. -* **Threshold**: Searches the defined indices and creates an alert when the number of times the specified field's value meets the threshold during a single execution. When there are multiple values that meet the threshold, an alert is generated for each value. - For example, if the threshold `field` is `source.ip` and its `value` is `10`, an alert is generated for every source IP address that appears in at least 10 of the rule's search results. If you're interested, see [Terms Aggregation](https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-bucket-terms-aggregation.html) for more information. -* **Indicator match**: Creates an alert when fields match values defined in the specified [Elasticsearch index](https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-create-index.html). For example, you can create an index for IP addresses and use this index to create an alert whenever an event's `destination.ip` equals a value in the index. The index's field mappings should be [ECS-compliant](https://www.elastic.co/guide/en/ecs/current/ecs-reference.html). -* **New terms**: Generates an alert for each new term detected in source documents within a specified time range. -* **ES|QL**: Uses [Elasticsearch Query Language (ES|QL)](https://www.elastic.co/guide/en/elasticsearch/reference/current/esql.html) to find events and aggregate search results. -* **Machine learning rules**: Creates an alert when a machine learning job discovers an anomaly above the defined threshold. -> info -> To create machine learning rules, you must have the [appropriate license](https://www.elastic.co/subscriptions) or use a [cloud deployment](https://cloud.elastic.co/registration). Additionally, for the machine learning rule to function correctly, the associated machine learning job must be running. - -To retrieve machine learning job IDs, which are required to create machine learning jobs, call the [Elasticsearch Get jobs API](https://www.elastic.co/guide/en/elasticsearch/reference/current/ml-get-job.html). Machine learning jobs that contain `siem` in the `groups` field can be used to create rules: - -```json -... -"job_id": "linux_anomalous_network_activity_ecs", -"job_type": "anomaly_detector", -"job_version": "7.7.0", -"groups": [ - "auditbeat", - "process", - "siem" -], -... -``` - -Additionally, you can set up notifications for when rules create alerts. The notifications use the [Alerting and Actions framework](https://www.elastic.co/guide/en/kibana/current/alerting-getting-started.html). Each action type requires a connector. Connectors store the information required to send notifications via external systems. The following connector types are supported for rule notifications: - -* Slack -* Email -* PagerDuty -* Webhook -* Microsoft Teams -* IBM Resilient -* Jira -* ServiceNow ITSM -> info -> For more information on PagerDuty fields, see [Send a v2 Event](https://developer.pagerduty.com/docs/events-api-v2/trigger-events/). - -To retrieve connector IDs, which are required to configure rule notifications, call the [Find objects API](https://www.elastic.co/guide/en/kibana/current/saved-objects-api-find.html) with `"type": "action"` in the request payload. - -For detailed information on Kibana actions and alerting, and additional API calls, see: - -* [Alerting API](https://www.elastic.co/docs/api/doc/kibana/group/endpoint-alerting) -* [Alerting and Actions framework](https://www.elastic.co/guide/en/kibana/current/alerting-getting-started.html) -* [Connectors API](https://www.elastic.co/docs/api/doc/kibana/group/endpoint-connectors) - - */ - createRule(props: CreateRuleProps, kibanaSpace: string = 'default') { - return supertest - .post(routeWithNamespace('/api/detection_engine/rules', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Creates a new SIEM rules migration using the original vendor rules provided - */ - createRuleMigration(props: CreateRuleMigrationProps, kibanaSpace: string = 'default') { - return supertest - .post( - routeWithNamespace( - replaceParams('/internal/siem_migrations/rules/{migration_id}', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Create a new Timeline or Timeline template. - */ - createTimelines(props: CreateTimelinesProps, kibanaSpace: string = 'default') { - return supertest - .post(routeWithNamespace('/api/timeline', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - createUpdateProtectionUpdatesNote( - props: CreateUpdateProtectionUpdatesNoteProps, - kibanaSpace: string = 'default' - ) { - return supertest - .post( - routeWithNamespace( - replaceParams( - '/api/endpoint/protection_updates_note/{package_policy_id}', - props.params - ), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - deleteAlertsIndex(kibanaSpace: string = 'default') { - return supertest - .delete(routeWithNamespace('/api/detection_engine/index', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Delete the asset criticality record for a specific entity. - */ - deleteAssetCriticalityRecord( - props: DeleteAssetCriticalityRecordProps, - kibanaSpace: string = 'default' - ) { - return supertest - .delete(routeWithNamespace('/api/asset_criticality', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - deleteEntityEngine(props: DeleteEntityEngineProps, kibanaSpace: string = 'default') { - return supertest - .delete( - routeWithNamespace( - replaceParams('/api/entity_store/engines/{entityType}', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Delete a note from a Timeline using the note ID. - */ - deleteNote(props: DeleteNoteProps, kibanaSpace: string = 'default') { - return supertest - .delete(routeWithNamespace('/api/note', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Delete a detection rule using the `rule_id` or `id` field. - -The URL query must include one of the following: - -* `id` - `DELETE /api/detection_engine/rules?id=` -* `rule_id`- `DELETE /api/detection_engine/rules?rule_id=` - -The difference between the `id` and `rule_id` is that the `id` is a unique rule identifier that is randomly generated when a rule is created and cannot be set, whereas `rule_id` is a stable rule identifier that can be assigned during rule creation. - - */ - deleteRule(props: DeleteRuleProps, kibanaSpace: string = 'default') { - return supertest - .delete(routeWithNamespace('/api/detection_engine/rules', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Delete one or more Timelines or Timeline templates. - */ - deleteTimelines(props: DeleteTimelinesProps, kibanaSpace: string = 'default') { - return supertest - .delete(routeWithNamespace('/api/timeline', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Calculates and persists Risk Scores for an entity, returning the calculated risk score. - */ - deprecatedTriggerRiskScoreCalculation( - props: DeprecatedTriggerRiskScoreCalculationProps, - kibanaSpace: string = 'default' - ) { - return supertest - .post(routeWithNamespace('/api/risk_scores/calculation/entity', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - disableRiskEngine(kibanaSpace: string = 'default') { - return supertest - .post(routeWithNamespace('/internal/risk_score/engine/disable', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - enableRiskEngine(kibanaSpace: string = 'default') { - return supertest - .post(routeWithNamespace('/internal/risk_score/engine/enable', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Run a shell command on an endpoint. - */ - endpointExecuteAction(props: EndpointExecuteActionProps, kibanaSpace: string = 'default') { - return supertest - .post(routeWithNamespace('/api/endpoint/action/execute', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Download a file from an endpoint. - */ - endpointFileDownload(props: EndpointFileDownloadProps, kibanaSpace: string = 'default') { - return supertest - .get( - routeWithNamespace( - replaceParams('/api/endpoint/action/{action_id}/file/{file_id}/download', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Get information for the specified file using the file ID. - */ - endpointFileInfo(props: EndpointFileInfoProps, kibanaSpace: string = 'default') { - return supertest - .get( - routeWithNamespace( - replaceParams('/api/endpoint/action/{action_id}/file/{file_id}', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Get the details of a response action using the action ID. - */ - endpointGetActionsDetails( - props: EndpointGetActionsDetailsProps, - kibanaSpace: string = 'default' - ) { - return supertest - .get( - routeWithNamespace( - replaceParams('/api/endpoint/action/{action_id}', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Get a list of all response actions. - */ - endpointGetActionsList(props: EndpointGetActionsListProps, kibanaSpace: string = 'default') { - return supertest - .get(routeWithNamespace('/api/endpoint/action', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Get a response actions state, which reports whether encryption is enabled. - */ - endpointGetActionsState(kibanaSpace: string = 'default') { - return supertest - .get(routeWithNamespace('/api/endpoint/action/state', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Get the status of response actions for the specified agent IDs. - */ - endpointGetActionsStatus( - props: EndpointGetActionsStatusProps, - kibanaSpace: string = 'default' - ) { - return supertest - .get(routeWithNamespace('/api/endpoint/action_status', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Get a file from an endpoint. - */ - endpointGetFileAction(props: EndpointGetFileActionProps, kibanaSpace: string = 'default') { - return supertest - .post(routeWithNamespace('/api/endpoint/action/get_file', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Get a list of all processes running on an endpoint. - */ - endpointGetProcessesAction( - props: EndpointGetProcessesActionProps, - kibanaSpace: string = 'default' - ) { - return supertest - .post(routeWithNamespace('/api/endpoint/action/running_procs', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Isolate an endpoint from the network. The endpoint remains isolated until it's released. - */ - endpointIsolateAction(props: EndpointIsolateActionProps, kibanaSpace: string = 'default') { - return supertest - .post(routeWithNamespace('/api/endpoint/action/isolate', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Isolate an endpoint from the network. -> info -> This URL will return a 308 permanent redirect to `POST :/api/endpoint/action/isolate`. - - */ - endpointIsolateRedirect(props: EndpointIsolateRedirectProps, kibanaSpace: string = 'default') { - return supertest - .post(routeWithNamespace('/api/endpoint/isolate', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Terminate a running process on an endpoint. - */ - endpointKillProcessAction( - props: EndpointKillProcessActionProps, - kibanaSpace: string = 'default' - ) { - return supertest - .post(routeWithNamespace('/api/endpoint/action/kill_process', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Scan a specific file or directory on an endpoint for malware. - */ - endpointScanAction(props: EndpointScanActionProps, kibanaSpace: string = 'default') { - return supertest - .post(routeWithNamespace('/api/endpoint/action/scan', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Suspend a running process on an endpoint. - */ - endpointSuspendProcessAction( - props: EndpointSuspendProcessActionProps, - kibanaSpace: string = 'default' - ) { - return supertest - .post(routeWithNamespace('/api/endpoint/action/suspend_process', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Release an isolated endpoint, allowing it to rejoin a network. - */ - endpointUnisolateAction(props: EndpointUnisolateActionProps, kibanaSpace: string = 'default') { - return supertest - .post(routeWithNamespace('/api/endpoint/action/unisolate', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Release an isolated endpoint, allowing it to rejoin a network. -> info -> This URL will return a 308 permanent redirect to `POST :/api/endpoint/action/unisolate`. - - */ - endpointUnisolateRedirect( - props: EndpointUnisolateRedirectProps, - kibanaSpace: string = 'default' - ) { - return supertest - .post(routeWithNamespace('/api/endpoint/unisolate', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Upload a file to an endpoint. - */ - endpointUploadAction(kibanaSpace: string = 'default') { - return supertest - .post(routeWithNamespace('/api/endpoint/action/upload', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - entityStoreGetPrivileges(kibanaSpace: string = 'default') { - return supertest - .get(routeWithNamespace('/internal/entity_store/privileges', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Export detection rules to an `.ndjson` file. The following configuration items are also included in the `.ndjson` file: -- Actions -- Exception lists -> info -> Rule actions and connectors are included in the exported file, but sensitive information about the connector (such as authentication credentials) is not included. You must re-add missing connector details after importing detection rules. - -> You can use Kibana’s [Saved Objects](https://www.elastic.co/guide/en/kibana/current/managing-saved-objects.html) UI (Stack Management → Kibana → Saved Objects) or the Saved Objects APIs (experimental) to [export](https://www.elastic.co/docs/api/doc/kibana/operation/operation-exportsavedobjectsdefault) and [import](https://www.elastic.co/docs/api/doc/kibana/operation/operation-importsavedobjectsdefault) any necessary connectors before importing detection rules. - -> Similarly, any value lists used for rule exceptions are not included in rule exports or imports. Use the [Manage value lists](https://www.elastic.co/guide/en/security/current/value-lists-exceptions.html#manage-value-lists) UI (Rules → Detection rules (SIEM) → Manage value lists) to export and import value lists separately. - - */ - exportRules(props: ExportRulesProps, kibanaSpace: string = 'default') { - return supertest - .post(routeWithNamespace('/api/detection_engine/rules/_export', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object) - .query(props.query); - }, - /** - * Export Timelines as an NDJSON file. - */ - exportTimelines(props: ExportTimelinesProps, kibanaSpace: string = 'default') { - return supertest - .post(routeWithNamespace('/api/timeline/_export', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object) - .query(props.query); - }, - /** - * Finalize successful migrations of detection alerts. This replaces the original index's alias with the successfully migrated index's alias. -The endpoint is idempotent; therefore, it can safely be used to poll a given migration and, upon completion, -finalize it. - - */ - finalizeAlertsMigration(props: FinalizeAlertsMigrationProps, kibanaSpace: string = 'default') { - return supertest - .post(routeWithNamespace('/api/detection_engine/signals/finalize_migration', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * List asset criticality records, paging, sorting and filtering as needed. - */ - findAssetCriticalityRecords( - props: FindAssetCriticalityRecordsProps, - kibanaSpace: string = 'default' - ) { - return supertest - .get(routeWithNamespace('/api/asset_criticality/list', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Retrieve a paginated list of detection rules. By default, the first page is returned, with 20 results per page. - */ - findRules(props: FindRulesProps, kibanaSpace: string = 'default') { - return supertest - .get(routeWithNamespace('/api/detection_engine/rules/_find', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - getAgentPolicySummary(props: GetAgentPolicySummaryProps, kibanaSpace: string = 'default') { - return supertest - .get(routeWithNamespace('/api/endpoint/policy/summaries', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Retrieves the rule migrations stats for all migrations stored in the system - */ - getAllStatsRuleMigration(kibanaSpace: string = 'default') { - return supertest - .get(routeWithNamespace('/internal/siem_migrations/rules/stats', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Get the asset criticality record for a specific entity. - */ - getAssetCriticalityRecord( - props: GetAssetCriticalityRecordProps, - kibanaSpace: string = 'default' - ) { - return supertest - .get(routeWithNamespace('/api/asset_criticality', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - getAssetCriticalityStatus(kibanaSpace: string = 'default') { - return supertest - .get(routeWithNamespace('/internal/asset_criticality/status', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Get the details of the draft Timeline or Timeline template for the current user. If the user doesn't have a draft Timeline, an empty Timeline is returned. - */ - getDraftTimelines(props: GetDraftTimelinesProps, kibanaSpace: string = 'default') { - return supertest - .get(routeWithNamespace('/api/timeline/_draft', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - getEndpointMetadataList(props: GetEndpointMetadataListProps, kibanaSpace: string = 'default') { - return supertest - .get(routeWithNamespace('/api/endpoint/metadata', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - getEndpointSuggestions(props: GetEndpointSuggestionsProps, kibanaSpace: string = 'default') { - return supertest - .post( - routeWithNamespace( - replaceParams('/api/endpoint/suggestions/{suggestion_type}', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - getEntityEngine(props: GetEntityEngineProps, kibanaSpace: string = 'default') { - return supertest - .get( - routeWithNamespace( - replaceParams('/api/entity_store/engines/{entityType}', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - getEntityStoreStatus(props: GetEntityStoreStatusProps, kibanaSpace: string = 'default') { - return supertest - .get(routeWithNamespace('/api/entity_store/status', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Get all notes for a given document. - */ - getNotes(props: GetNotesProps, kibanaSpace: string = 'default') { - return supertest - .get(routeWithNamespace('/api/note', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - getPolicyResponse(props: GetPolicyResponseProps, kibanaSpace: string = 'default') { - return supertest - .get(routeWithNamespace('/api/endpoint/policy_response', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - getProtectionUpdatesNote( - props: GetProtectionUpdatesNoteProps, - kibanaSpace: string = 'default' - ) { - return supertest - .get( - routeWithNamespace( - replaceParams( - '/api/endpoint/protection_updates_note/{package_policy_id}', - props.params - ), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Returns the status of both the legacy transform-based risk engine, as well as the new risk engine - */ - getRiskEngineStatus(kibanaSpace: string = 'default') { - return supertest - .get(routeWithNamespace('/internal/risk_score/engine/status', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - getRuleExecutionEvents(props: GetRuleExecutionEventsProps, kibanaSpace: string = 'default') { - return supertest - .put( - routeWithNamespace( - replaceParams( - '/internal/detection_engine/rules/{ruleId}/execution/events', - props.params - ), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - getRuleExecutionResults(props: GetRuleExecutionResultsProps, kibanaSpace: string = 'default') { - return supertest - .put( - routeWithNamespace( - replaceParams( - '/internal/detection_engine/rules/{ruleId}/execution/results', - props.params - ), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Retrieves the rule documents stored in the system given the rule migration id - */ - getRuleMigration(props: GetRuleMigrationProps, kibanaSpace: string = 'default') { - return supertest - .get( - routeWithNamespace( - replaceParams('/internal/siem_migrations/rules/{migration_id}', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Retrieves all related integrations - */ - getRuleMigrationIntegrations(kibanaSpace: string = 'default') { - return supertest - .get(routeWithNamespace('/internal/siem_migrations/rules/integrations', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Retrieves all available prebuilt rules (installed and installable) - */ - getRuleMigrationPrebuiltRules( - props: GetRuleMigrationPrebuiltRulesProps, - kibanaSpace: string = 'default' - ) { - return supertest - .get( - routeWithNamespace( - replaceParams( - '/internal/siem_migrations/rules/{migration_id}/prebuilt_rules', - props.params - ), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Identifies the privileges required for a SIEM rules migration and returns the missing privileges - */ - getRuleMigrationPrivileges(kibanaSpace: string = 'default') { - return supertest - .get(routeWithNamespace('/internal/siem_migrations/rules/missing_privileges', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Retrieves resources for an existing SIEM rules migration - */ - getRuleMigrationResources( - props: GetRuleMigrationResourcesProps, - kibanaSpace: string = 'default' - ) { - return supertest - .get( - routeWithNamespace( - replaceParams('/internal/siem_migrations/rules/{migration_id}/resources', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Identifies missing resources from all the rules of an existing SIEM rules migration - */ - getRuleMigrationResourcesMissing( - props: GetRuleMigrationResourcesMissingProps, - kibanaSpace: string = 'default' - ) { - return supertest - .get( - routeWithNamespace( - replaceParams( - '/internal/siem_migrations/rules/{migration_id}/resources/missing', - props.params - ), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Retrieves the stats of a SIEM rules migration using the migration id provided - */ - getRuleMigrationStats(props: GetRuleMigrationStatsProps, kibanaSpace: string = 'default') { - return supertest - .get( - routeWithNamespace( - replaceParams('/internal/siem_migrations/rules/{migration_id}/stats', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Retrieves the translation stats of a SIEM rules migration using the migration id provided - */ - getRuleMigrationTranslationStats( - props: GetRuleMigrationTranslationStatsProps, - kibanaSpace: string = 'default' - ) { - return supertest - .get( - routeWithNamespace( - replaceParams( - '/internal/siem_migrations/rules/{migration_id}/translation_stats', - props.params - ), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Get the details of an existing saved Timeline or Timeline template. - */ - getTimeline(props: GetTimelineProps, kibanaSpace: string = 'default') { - return supertest - .get(routeWithNamespace('/api/timeline', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Get a list of all saved Timelines or Timeline templates. - */ - getTimelines(props: GetTimelinesProps, kibanaSpace: string = 'default') { - return supertest - .get(routeWithNamespace('/api/timelines', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - getWorkflowInsights(props: GetWorkflowInsightsProps, kibanaSpace: string = 'default') { - return supertest - .get(routeWithNamespace('/internal/api/endpoint/workflow_insights', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Import detection rules from an `.ndjson` file, including actions and exception lists. The request must include: -- The `Content-Type: multipart/form-data` HTTP header. -- A link to the `.ndjson` file containing the rules. -> warn -> When used with [API key](https://www.elastic.co/guide/en/kibana/current/api-keys.html) authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running. - -> If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change. -> info -> To import rules with actions, you need at least Read privileges for the Action and Connectors feature. To overwrite or add new connectors, you need All privileges for the Actions and Connectors feature. To import rules without actions, you don’t need Actions and Connectors privileges. Refer to [Enable and access detections](https://www.elastic.co/guide/en/security/current/detections-permissions-section.html#enable-detections-ui) for more information. - -> info -> Rule actions and connectors are included in the exported file, but sensitive information about the connector (such as authentication credentials) is not included. You must re-add missing connector details after importing detection rules. - -> You can use Kibana’s [Saved Objects](https://www.elastic.co/guide/en/kibana/current/managing-saved-objects.html) UI (Stack Management → Kibana → Saved Objects) or the Saved Objects APIs (experimental) to [export](https://www.elastic.co/docs/api/doc/kibana/operation/operation-exportsavedobjectsdefault) and [import](https://www.elastic.co/docs/api/doc/kibana/operation/operation-importsavedobjectsdefault) any necessary connectors before importing detection rules. - -> Similarly, any value lists used for rule exceptions are not included in rule exports or imports. Use the [Manage value lists](https://www.elastic.co/guide/en/security/current/value-lists-exceptions.html#manage-value-lists) UI (Rules → Detection rules (SIEM) → Manage value lists) to export and import value lists separately. - - */ - importRules(props: ImportRulesProps, kibanaSpace: string = 'default') { - return supertest - .post(routeWithNamespace('/api/detection_engine/rules/_import', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Import Timelines. - */ - importTimelines(props: ImportTimelinesProps, kibanaSpace: string = 'default') { - return supertest - .post(routeWithNamespace('/api/timeline/_import', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - initEntityEngine(props: InitEntityEngineProps, kibanaSpace: string = 'default') { - return supertest - .post( - routeWithNamespace( - replaceParams('/api/entity_store/engines/{entityType}/init', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - initEntityStore(props: InitEntityStoreProps, kibanaSpace: string = 'default') { - return supertest - .post(routeWithNamespace('/api/entity_store/enable', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Initializes the Risk Engine by creating the necessary indices and mappings, removing old transforms, and starting the new risk engine - */ - initRiskEngine(kibanaSpace: string = 'default') { - return supertest - .post(routeWithNamespace('/internal/risk_score/engine/init', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Installs migration rules - */ - installMigrationRules(props: InstallMigrationRulesProps, kibanaSpace: string = 'default') { - return supertest - .post( - routeWithNamespace( - replaceParams('/internal/siem_migrations/rules/{migration_id}/install', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Install and update all Elastic prebuilt detection rules and Timelines. - -This endpoint allows you to install and update prebuilt detection rules and Timelines provided by Elastic. -When you call this endpoint, it will: -- Install any new prebuilt detection rules that are not currently installed in your system. -- Update any existing prebuilt detection rules that have been modified or improved by Elastic. -- Install any new prebuilt Timelines that are not currently installed in your system. -- Update any existing prebuilt Timelines that have been modified or improved by Elastic. - -This ensures that your detection engine is always up-to-date with the latest rules and Timelines, -providing you with the most current and effective threat detection capabilities. - - */ - installPrebuiltRulesAndTimelines(kibanaSpace: string = 'default') { - return supertest - .put(routeWithNamespace('/api/detection_engine/rules/prepackaged', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Install or update prepackaged Timelines. - */ - installPrepackedTimelines( - props: InstallPrepackedTimelinesProps, - kibanaSpace: string = 'default' - ) { - return supertest - .post(routeWithNamespace('/api/timeline/_prepackaged', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - internalUploadAssetCriticalityRecords(kibanaSpace: string = 'default') { - return supertest - .post(routeWithNamespace('/internal/asset_criticality/upload_csv', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * List entities records, paging, sorting and filtering as needed. - */ - listEntities(props: ListEntitiesProps, kibanaSpace: string = 'default') { - return supertest - .get(routeWithNamespace('/api/entity_store/entities/list', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - listEntityEngines(kibanaSpace: string = 'default') { - return supertest - .get(routeWithNamespace('/api/entity_store/engines', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Update specific fields of an existing detection rule using the `rule_id` or `id` field. - -The difference between the `id` and `rule_id` is that the `id` is a unique rule identifier that is randomly generated when a rule is created and cannot be set, whereas `rule_id` is a stable rule identifier that can be assigned during rule creation. -> warn -> When used with [API key](https://www.elastic.co/guide/en/kibana/current/api-keys.html) authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running. - -> If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change. - - */ - patchRule(props: PatchRuleProps, kibanaSpace: string = 'default') { - return supertest - .patch(routeWithNamespace('/api/detection_engine/rules', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Update an existing Timeline. You can update the title, description, date range, pinned events, pinned queries, and/or pinned saved queries of an existing Timeline. - */ - patchTimeline(props: PatchTimelineProps, kibanaSpace: string = 'default') { - return supertest - .patch(routeWithNamespace('/api/timeline', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Apply a bulk action, such as bulk edit, duplicate, or delete, to multiple detection rules. The bulk action is applied to all rules that match the query or to the rules listed by their IDs. - -The edit action allows you to add, delete, or set tags, index patterns, investigation fields, rule actions and schedules for multiple rules at once. -The edit action is idempotent, meaning that if you add a tag to a rule that already has that tag, no changes are made. The same is true for other edit actions, for example removing an index pattern that is not specified in a rule will not result in any changes. The only exception is the `add_rule_actions` and `set_rule_actions` action, which is non-idempotent. This means that if you add or set a rule action to a rule that already has that action, a new action is created with a new unique ID. -> warn -> When used with [API key](https://www.elastic.co/guide/en/kibana/current/api-keys.html) authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running. - -> If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change. - - */ - performRulesBulkAction(props: PerformRulesBulkActionProps, kibanaSpace: string = 'default') { - return supertest - .post(routeWithNamespace('/api/detection_engine/rules/_bulk_action', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object) - .query(props.query); - }, - /** - * Favorite a Timeline or Timeline template for the current user. - */ - persistFavoriteRoute(props: PersistFavoriteRouteProps, kibanaSpace: string = 'default') { - return supertest - .patch(routeWithNamespace('/api/timeline/_favorite', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Add a note to a Timeline or update an existing note. - */ - persistNoteRoute(props: PersistNoteRouteProps, kibanaSpace: string = 'default') { - return supertest - .patch(routeWithNamespace('/api/note', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Pin/unpin an event to/from an existing Timeline. - */ - persistPinnedEventRoute(props: PersistPinnedEventRouteProps, kibanaSpace: string = 'default') { - return supertest - .patch(routeWithNamespace('/api/pinned_event', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Calculates and returns a list of Risk Scores, sorted by identifier_type and risk score. - */ - previewRiskScore(props: PreviewRiskScoreProps, kibanaSpace: string = 'default') { - return supertest - .post(routeWithNamespace('/internal/risk_score/preview', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - readAlertsIndex(kibanaSpace: string = 'default') { - return supertest - .get(routeWithNamespace('/api/detection_engine/index', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Retrieve indices that contain detection alerts of a particular age, along with migration information for each of those indices. - */ - readAlertsMigrationStatus( - props: ReadAlertsMigrationStatusProps, - kibanaSpace: string = 'default' - ) { - return supertest - .get(routeWithNamespace('/api/detection_engine/signals/migration_status', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Retrieve the status of all Elastic prebuilt detection rules and Timelines. - -This endpoint provides detailed information about the number of custom rules, installed prebuilt rules, available prebuilt rules that are not installed, outdated prebuilt rules, installed prebuilt timelines, available prebuilt timelines that are not installed, and outdated prebuilt timelines. - - */ - readPrebuiltRulesAndTimelinesStatus(kibanaSpace: string = 'default') { - return supertest - .get(routeWithNamespace('/api/detection_engine/rules/prepackaged/_status', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Retrieves whether or not the user is authenticated, and the user's Kibana -space and index privileges, which determine if the user can create an -index for the Elastic Security alerts generated by -detection engine rules. - - */ - readPrivileges(kibanaSpace: string = 'default') { - return supertest - .get(routeWithNamespace('/api/detection_engine/privileges', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - readRiskEngineSettings(kibanaSpace: string = 'default') { - return supertest - .get(routeWithNamespace('/internal/risk_score/engine/settings', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Retrieve a detection rule using the `rule_id` or `id` field. - -The URL query must include one of the following: - -* `id` - `GET /api/detection_engine/rules?id=` -* `rule_id` - `GET /api/detection_engine/rules?rule_id=` - -The difference between the `id` and `rule_id` is that the `id` is a unique rule identifier that is randomly generated when a rule is created and cannot be set, whereas `rule_id` is a stable rule identifier that can be assigned during rule creation. - - */ - readRule(props: ReadRuleProps, kibanaSpace: string = 'default') { - return supertest - .get(routeWithNamespace('/api/detection_engine/rules', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * List all unique tags from all detection rules. - */ - readTags(kibanaSpace: string = 'default') { - return supertest - .get(routeWithNamespace('/api/detection_engine/tags', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - resolveTimeline(props: ResolveTimelineProps, kibanaSpace: string = 'default') { - return supertest - .get(routeWithNamespace('/api/timeline/resolve', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - riskEngineGetPrivileges(kibanaSpace: string = 'default') { - return supertest - .get(routeWithNamespace('/internal/risk_engine/privileges', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - rulePreview(props: RulePreviewProps, kibanaSpace: string = 'default') { - return supertest - .post(routeWithNamespace('/api/detection_engine/rules/preview', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object) - .query(props.query); - }, - runEntityAnalyticsMigrations(kibanaSpace: string = 'default') { - return supertest - .post(routeWithNamespace('/internal/entity_analytics/migrations/run', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Run a shell command on an endpoint. - */ - runScriptAction(props: RunScriptActionProps, kibanaSpace: string = 'default') { - return supertest - .post(routeWithNamespace('/api/endpoint/action/runscript', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Schedule the risk scoring engine to run as soon as possible. You can use this to recalculate entity risk scores after updating their asset criticality. - */ - scheduleRiskEngineNow(kibanaSpace: string = 'default') { - return supertest - .post(routeWithNamespace('/api/risk_score/engine/schedule_now', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Find and/or aggregate detection alerts that match the given query. - */ - searchAlerts(props: SearchAlertsProps, kibanaSpace: string = 'default') { - return supertest - .post(routeWithNamespace('/api/detection_engine/signals/search', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Assign users to detection alerts, and unassign them from alerts. -> info -> You cannot add and remove the same assignee in the same request. - - */ - setAlertAssignees(props: SetAlertAssigneesProps, kibanaSpace: string = 'default') { - return supertest - .post(routeWithNamespace('/api/detection_engine/signals/assignees', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Set the status of one or more detection alerts. - */ - setAlertsStatus(props: SetAlertsStatusProps, kibanaSpace: string = 'default') { - return supertest - .post(routeWithNamespace('/api/detection_engine/signals/status', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * And tags to detection alerts, and remove them from alerts. -> info -> You cannot add and remove the same alert tag in the same request. - - */ - setAlertTags(props: SetAlertTagsProps, kibanaSpace: string = 'default') { - return supertest - .post(routeWithNamespace('/api/detection_engine/signals/tags', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - startEntityEngine(props: StartEntityEngineProps, kibanaSpace: string = 'default') { - return supertest - .post( - routeWithNamespace( - replaceParams('/api/entity_store/engines/{entityType}/start', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Starts a SIEM rules migration using the migration id provided - */ - startRuleMigration(props: StartRuleMigrationProps, kibanaSpace: string = 'default') { - return supertest - .put( - routeWithNamespace( - replaceParams('/internal/siem_migrations/rules/{migration_id}/start', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - stopEntityEngine(props: StopEntityEngineProps, kibanaSpace: string = 'default') { - return supertest - .post( - routeWithNamespace( - replaceParams('/api/entity_store/engines/{entityType}/stop', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Stops a running SIEM rules migration using the migration id provided - */ - stopRuleMigration(props: StopRuleMigrationProps, kibanaSpace: string = 'default') { - return supertest - .put( - routeWithNamespace( - replaceParams('/internal/siem_migrations/rules/{migration_id}/stop', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Suggests user profiles. - */ - suggestUserProfiles(props: SuggestUserProfilesProps, kibanaSpace: string = 'default') { - return supertest - .post(routeWithNamespace('/internal/detection_engine/users/_find', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .query(props.query); - }, - /** - * Calculates and persists Risk Scores for an entity, returning the calculated risk score. - */ - triggerRiskScoreCalculation( - props: TriggerRiskScoreCalculationProps, - kibanaSpace: string = 'default' - ) { - return supertest - .post(routeWithNamespace('/internal/risk_score/calculation/entity', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Update a detection rule using the `rule_id` or `id` field. The original rule is replaced, and all unspecified fields are deleted. - -The difference between the `id` and `rule_id` is that the `id` is a unique rule identifier that is randomly generated when a rule is created and cannot be set, whereas `rule_id` is a stable rule identifier that can be assigned during rule creation. -> warn -> When used with [API key](https://www.elastic.co/guide/en/kibana/current/api-keys.html) authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running. - -> If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change. - - */ - updateRule(props: UpdateRuleProps, kibanaSpace: string = 'default') { - return supertest - .put(routeWithNamespace('/api/detection_engine/rules', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - /** - * Updates rules migrations attributes - */ - updateRuleMigration(props: UpdateRuleMigrationProps, kibanaSpace: string = 'default') { - return supertest - .put( - routeWithNamespace( - replaceParams('/internal/siem_migrations/rules/{migration_id}', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - updateWorkflowInsight(props: UpdateWorkflowInsightProps, kibanaSpace: string = 'default') { - return supertest - .put( - routeWithNamespace( - replaceParams('/internal/api/endpoint/workflow_insights/{insightId}', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - uploadAssetCriticalityRecords(kibanaSpace: string = 'default') { - return supertest - .post(routeWithNamespace('/api/asset_criticality/upload_csv', kibanaSpace)) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); - }, - /** - * Creates or updates resources for an existing SIEM rules migration - */ - upsertRuleMigrationResources( - props: UpsertRuleMigrationResourcesProps, - kibanaSpace: string = 'default' - ) { - return supertest - .post( - routeWithNamespace( - replaceParams('/internal/siem_migrations/rules/{migration_id}/resources', props.params), - kibanaSpace - ) - ) - .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana') - .send(props.body as object); - }, - }; -} - -export interface AlertsMigrationCleanupProps { - body: AlertsMigrationCleanupRequestBodyInput; -} -export interface BulkCreateRulesProps { - body: BulkCreateRulesRequestBodyInput; -} -export interface BulkDeleteRulesProps { - body: BulkDeleteRulesRequestBodyInput; -} -export interface BulkDeleteRulesPostProps { - body: BulkDeleteRulesPostRequestBodyInput; -} -export interface BulkPatchRulesProps { - body: BulkPatchRulesRequestBodyInput; -} -export interface BulkUpdateRulesProps { - body: BulkUpdateRulesRequestBodyInput; -} -export interface BulkUpsertAssetCriticalityRecordsProps { - body: BulkUpsertAssetCriticalityRecordsRequestBodyInput; -} -export interface CleanDraftTimelinesProps { - body: CleanDraftTimelinesRequestBodyInput; -} -export interface ConfigureRiskEngineSavedObjectProps { - body: ConfigureRiskEngineSavedObjectRequestBodyInput; -} -export interface CopyTimelineProps { - body: CopyTimelineRequestBodyInput; -} -export interface CreateAlertsMigrationProps { - body: CreateAlertsMigrationRequestBodyInput; -} -export interface CreateAssetCriticalityRecordProps { - body: CreateAssetCriticalityRecordRequestBodyInput; -} -export interface CreateRuleProps { - body: CreateRuleRequestBodyInput; -} -export interface CreateRuleMigrationProps { - params: CreateRuleMigrationRequestParamsInput; - body: CreateRuleMigrationRequestBodyInput; -} -export interface CreateTimelinesProps { - body: CreateTimelinesRequestBodyInput; -} -export interface CreateUpdateProtectionUpdatesNoteProps { - params: CreateUpdateProtectionUpdatesNoteRequestParamsInput; - body: CreateUpdateProtectionUpdatesNoteRequestBodyInput; -} -export interface DeleteAssetCriticalityRecordProps { - query: DeleteAssetCriticalityRecordRequestQueryInput; -} -export interface DeleteEntityEngineProps { - query: DeleteEntityEngineRequestQueryInput; - params: DeleteEntityEngineRequestParamsInput; -} -export interface DeleteNoteProps { - body: DeleteNoteRequestBodyInput; -} -export interface DeleteRuleProps { - query: DeleteRuleRequestQueryInput; -} -export interface DeleteTimelinesProps { - body: DeleteTimelinesRequestBodyInput; -} -export interface DeprecatedTriggerRiskScoreCalculationProps { - body: DeprecatedTriggerRiskScoreCalculationRequestBodyInput; -} -export interface EndpointExecuteActionProps { - body: EndpointExecuteActionRequestBodyInput; -} -export interface EndpointFileDownloadProps { - params: EndpointFileDownloadRequestParamsInput; -} -export interface EndpointFileInfoProps { - params: EndpointFileInfoRequestParamsInput; -} -export interface EndpointGetActionsDetailsProps { - params: EndpointGetActionsDetailsRequestParamsInput; -} -export interface EndpointGetActionsListProps { - query: EndpointGetActionsListRequestQueryInput; -} -export interface EndpointGetActionsStatusProps { - query: EndpointGetActionsStatusRequestQueryInput; -} -export interface EndpointGetFileActionProps { - body: EndpointGetFileActionRequestBodyInput; -} -export interface EndpointGetProcessesActionProps { - body: EndpointGetProcessesActionRequestBodyInput; -} -export interface EndpointIsolateActionProps { - body: EndpointIsolateActionRequestBodyInput; -} -export interface EndpointIsolateRedirectProps { - body: EndpointIsolateRedirectRequestBodyInput; -} -export interface EndpointKillProcessActionProps { - body: EndpointKillProcessActionRequestBodyInput; -} -export interface EndpointScanActionProps { - body: EndpointScanActionRequestBodyInput; -} -export interface EndpointSuspendProcessActionProps { - body: EndpointSuspendProcessActionRequestBodyInput; -} -export interface EndpointUnisolateActionProps { - body: EndpointUnisolateActionRequestBodyInput; -} -export interface EndpointUnisolateRedirectProps { - body: EndpointUnisolateRedirectRequestBodyInput; -} -export interface ExportRulesProps { - query: ExportRulesRequestQueryInput; - body: ExportRulesRequestBodyInput; -} -export interface ExportTimelinesProps { - query: ExportTimelinesRequestQueryInput; - body: ExportTimelinesRequestBodyInput; -} -export interface FinalizeAlertsMigrationProps { - body: FinalizeAlertsMigrationRequestBodyInput; -} -export interface FindAssetCriticalityRecordsProps { - query: FindAssetCriticalityRecordsRequestQueryInput; -} -export interface FindRulesProps { - query: FindRulesRequestQueryInput; -} -export interface GetAgentPolicySummaryProps { - query: GetAgentPolicySummaryRequestQueryInput; -} -export interface GetAssetCriticalityRecordProps { - query: GetAssetCriticalityRecordRequestQueryInput; -} -export interface GetDraftTimelinesProps { - query: GetDraftTimelinesRequestQueryInput; -} -export interface GetEndpointMetadataListProps { - query: GetEndpointMetadataListRequestQueryInput; -} -export interface GetEndpointSuggestionsProps { - params: GetEndpointSuggestionsRequestParamsInput; - body: GetEndpointSuggestionsRequestBodyInput; -} -export interface GetEntityEngineProps { - params: GetEntityEngineRequestParamsInput; -} -export interface GetEntityStoreStatusProps { - query: GetEntityStoreStatusRequestQueryInput; -} -export interface GetNotesProps { - query: GetNotesRequestQueryInput; -} -export interface GetPolicyResponseProps { - query: GetPolicyResponseRequestQueryInput; -} -export interface GetProtectionUpdatesNoteProps { - params: GetProtectionUpdatesNoteRequestParamsInput; -} -export interface GetRuleExecutionEventsProps { - query: GetRuleExecutionEventsRequestQueryInput; - params: GetRuleExecutionEventsRequestParamsInput; -} -export interface GetRuleExecutionResultsProps { - query: GetRuleExecutionResultsRequestQueryInput; - params: GetRuleExecutionResultsRequestParamsInput; -} -export interface GetRuleMigrationProps { - query: GetRuleMigrationRequestQueryInput; - params: GetRuleMigrationRequestParamsInput; -} -export interface GetRuleMigrationPrebuiltRulesProps { - params: GetRuleMigrationPrebuiltRulesRequestParamsInput; -} -export interface GetRuleMigrationResourcesProps { - query: GetRuleMigrationResourcesRequestQueryInput; - params: GetRuleMigrationResourcesRequestParamsInput; -} -export interface GetRuleMigrationResourcesMissingProps { - params: GetRuleMigrationResourcesMissingRequestParamsInput; -} -export interface GetRuleMigrationStatsProps { - params: GetRuleMigrationStatsRequestParamsInput; -} -export interface GetRuleMigrationTranslationStatsProps { - params: GetRuleMigrationTranslationStatsRequestParamsInput; -} -export interface GetTimelineProps { - query: GetTimelineRequestQueryInput; -} -export interface GetTimelinesProps { - query: GetTimelinesRequestQueryInput; -} -export interface GetWorkflowInsightsProps { - query: GetWorkflowInsightsRequestQueryInput; -} -export interface ImportRulesProps { - query: ImportRulesRequestQueryInput; -} -export interface ImportTimelinesProps { - body: ImportTimelinesRequestBodyInput; -} -export interface InitEntityEngineProps { - params: InitEntityEngineRequestParamsInput; - body: InitEntityEngineRequestBodyInput; -} -export interface InitEntityStoreProps { - body: InitEntityStoreRequestBodyInput; -} -export interface InstallMigrationRulesProps { - params: InstallMigrationRulesRequestParamsInput; - body: InstallMigrationRulesRequestBodyInput; -} -export interface InstallPrepackedTimelinesProps { - body: InstallPrepackedTimelinesRequestBodyInput; -} -export interface ListEntitiesProps { - query: ListEntitiesRequestQueryInput; -} -export interface PatchRuleProps { - body: PatchRuleRequestBodyInput; -} -export interface PatchTimelineProps { - body: PatchTimelineRequestBodyInput; -} -export interface PerformRulesBulkActionProps { - query: PerformRulesBulkActionRequestQueryInput; - body: PerformRulesBulkActionRequestBodyInput; -} -export interface PersistFavoriteRouteProps { - body: PersistFavoriteRouteRequestBodyInput; -} -export interface PersistNoteRouteProps { - body: PersistNoteRouteRequestBodyInput; -} -export interface PersistPinnedEventRouteProps { - body: PersistPinnedEventRouteRequestBodyInput; -} -export interface PreviewRiskScoreProps { - body: PreviewRiskScoreRequestBodyInput; -} -export interface ReadAlertsMigrationStatusProps { - query: ReadAlertsMigrationStatusRequestQueryInput; -} -export interface ReadRuleProps { - query: ReadRuleRequestQueryInput; -} -export interface ResolveTimelineProps { - query: ResolveTimelineRequestQueryInput; -} -export interface RulePreviewProps { - query: RulePreviewRequestQueryInput; - body: RulePreviewRequestBodyInput; -} -export interface RunScriptActionProps { - body: RunScriptActionRequestBodyInput; -} -export interface SearchAlertsProps { - body: SearchAlertsRequestBodyInput; -} -export interface SetAlertAssigneesProps { - body: SetAlertAssigneesRequestBodyInput; -} -export interface SetAlertsStatusProps { - body: SetAlertsStatusRequestBodyInput; -} -export interface SetAlertTagsProps { - body: SetAlertTagsRequestBodyInput; -} -export interface StartEntityEngineProps { - params: StartEntityEngineRequestParamsInput; -} -export interface StartRuleMigrationProps { - params: StartRuleMigrationRequestParamsInput; - body: StartRuleMigrationRequestBodyInput; -} -export interface StopEntityEngineProps { - params: StopEntityEngineRequestParamsInput; -} -export interface StopRuleMigrationProps { - params: StopRuleMigrationRequestParamsInput; -} -export interface SuggestUserProfilesProps { - query: SuggestUserProfilesRequestQueryInput; -} -export interface TriggerRiskScoreCalculationProps { - body: TriggerRiskScoreCalculationRequestBodyInput; -} -export interface UpdateRuleProps { - body: UpdateRuleRequestBodyInput; -} -export interface UpdateRuleMigrationProps { - params: UpdateRuleMigrationRequestParamsInput; - body: UpdateRuleMigrationRequestBodyInput; -} -export interface UpdateWorkflowInsightProps { - params: UpdateWorkflowInsightRequestParamsInput; - body: UpdateWorkflowInsightRequestBodyInput; -} -export interface UpsertRuleMigrationResourcesProps { - params: UpsertRuleMigrationResourcesRequestParamsInput; - body: UpsertRuleMigrationResourcesRequestBodyInput; -} diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/import_export/export_prebuilt_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/import_export/export_prebuilt_rules.ts index 57d2e73fe095d..77de0546875b0 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/import_export/export_prebuilt_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/import_export/export_prebuilt_rules.ts @@ -25,7 +25,7 @@ import { export default ({ getService }: FtrProviderContext): void => { const es = getService('es'); const supertest = getService('supertest'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const log = getService('log'); const PREBUILT_RULE_ID_A = 'test-prebuilt-rule-a'; @@ -51,7 +51,7 @@ export default ({ getService }: FtrProviderContext): void => { { name: '_export API', exportRules: async () => { - const { body: exportResult } = await securitySolutionApi + const { body: exportResult } = await detectionsApi .exportRules({ query: {}, body: null, @@ -65,7 +65,7 @@ export default ({ getService }: FtrProviderContext): void => { { name: 'bulk actions API', exportRules: async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .performRulesBulkAction({ query: {}, body: { action: BulkActionTypeEnum.export }, @@ -135,7 +135,7 @@ export default ({ getService }: FtrProviderContext): void => { await createPrebuiltRuleAssetSavedObjects(es, [PREBUILT_RULE_A, PREBUILT_RULE_B]); await installPrebuiltRules(es, supertest); - await securitySolutionApi + await detectionsApi .patchRule({ body: { rule_id: PREBUILT_RULE_ID_A, @@ -144,7 +144,7 @@ export default ({ getService }: FtrProviderContext): void => { }, }) .expect(200); - await securitySolutionApi + await detectionsApi .patchRule({ body: { rule_id: PREBUILT_RULE_ID_B, @@ -213,13 +213,13 @@ export default ({ getService }: FtrProviderContext): void => { const CUSTOM_RULE_ID_2 = 'custom-rule-id-2'; await Promise.all([ - securitySolutionApi + detectionsApi .createRule({ body: getCustomQueryRuleParams({ rule_id: CUSTOM_RULE_ID_1 }) }) .expect(200), - securitySolutionApi + detectionsApi .createRule({ body: getCustomQueryRuleParams({ rule_id: CUSTOM_RULE_ID_2 }) }) .expect(200), - await securitySolutionApi + await detectionsApi .patchRule({ body: { rule_id: PREBUILT_RULE_ID_B, @@ -230,7 +230,7 @@ export default ({ getService }: FtrProviderContext): void => { .expect(200), ]); - const { body: exportResult } = await securitySolutionApi + const { body: exportResult } = await detectionsApi .exportRules({ query: {}, body: null }) .expect(200) .parse(binaryToString); @@ -281,9 +281,9 @@ export default ({ getService }: FtrProviderContext): void => { const CUSTOM_RULE_ID = 'rule-id-1'; const CUSTOM_RULE = getCustomQueryRuleParams({ rule_id: CUSTOM_RULE_ID }); - await securitySolutionApi.createRule({ body: CUSTOM_RULE }).expect(200); + await detectionsApi.createRule({ body: CUSTOM_RULE }).expect(200); - await securitySolutionApi + await detectionsApi .patchRule({ body: { rule_id: PREBUILT_RULE_ID_B, @@ -292,7 +292,7 @@ export default ({ getService }: FtrProviderContext): void => { }) .expect(200); - const { body: exportResult } = await securitySolutionApi + const { body: exportResult } = await detectionsApi .performRulesBulkAction({ body: { query: '', action: BulkActionTypeEnum.export }, query: {}, @@ -304,7 +304,7 @@ export default ({ getService }: FtrProviderContext): void => { await deleteAllRules(supertest, log); - await securitySolutionApi + await detectionsApi .importRules({ query: { overwrite: false } }) .attach('file', exportResult, 'rules.ndjson') .expect('Content-Type', 'application/json; charset=utf-8') @@ -312,7 +312,7 @@ export default ({ getService }: FtrProviderContext): void => { const { body: { data: importedRules }, - } = await securitySolutionApi + } = await detectionsApi .findRules({ query: {}, }) @@ -371,7 +371,7 @@ export default ({ getService }: FtrProviderContext): void => { ]); await installPrebuiltRules(es, supertest); - const { body: exportResult } = await securitySolutionApi + const { body: exportResult } = await detectionsApi .exportRules({ query: {}, body: { objects: [{ rule_id: PREBUILT_RULE_ID_A }, { rule_id: PREBUILT_RULE_ID_B }] }, @@ -409,7 +409,7 @@ export default ({ getService }: FtrProviderContext): void => { const { body: { data: prebuiltRules }, - } = await securitySolutionApi + } = await detectionsApi .findRules({ query: { page: 1, per_page: 2, filter: 'alert.attributes.params.immutable: true' }, }) @@ -417,7 +417,7 @@ export default ({ getService }: FtrProviderContext): void => { const prebuiltRuleObjectIds = prebuiltRules.map((rule: RuleResponse) => rule.id); - const { body: exportResult } = await securitySolutionApi + const { body: exportResult } = await detectionsApi .performRulesBulkAction({ query: {}, body: { action: BulkActionTypeEnum.export, ids: prebuiltRuleObjectIds }, diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/import_export/import_multiple_prebuilt_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/import_export/import_multiple_prebuilt_rules.ts index 4847566cf699b..0d8abc5f30e59 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/import_export/import_multiple_prebuilt_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/import_export/import_multiple_prebuilt_rules.ts @@ -21,7 +21,7 @@ export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); const es = getService('es'); const log = getService('log'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const [PREBUILT_RULE_ID_A, PREBUILT_RULE_ID_B] = ['prebuilt-rule-a', 'prebuilt-rule-b']; const [PREBUILT_RULE_ASSET_A, PREBUILT_RULE_ASSET_B] = [ @@ -81,7 +81,7 @@ export default ({ getService }: FtrProviderContext): void => { const { body: { data: importedRules }, - } = await securitySolutionApi + } = await detectionsApi .findRules({ query: {}, }) @@ -134,7 +134,7 @@ export default ({ getService }: FtrProviderContext): void => { const { body: { data: importedRules }, - } = await securitySolutionApi + } = await detectionsApi .findRules({ query: {}, }) @@ -171,7 +171,7 @@ export default ({ getService }: FtrProviderContext): void => { const { body: { data: importedRules }, - } = await securitySolutionApi + } = await detectionsApi .findRules({ query: {}, }) @@ -226,7 +226,7 @@ export default ({ getService }: FtrProviderContext): void => { const { body: { data: importedRules }, - } = await securitySolutionApi + } = await detectionsApi .findRules({ query: {}, }) diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/import_export/import_outdated_prebuilt_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/import_export/import_outdated_prebuilt_rules.ts index d0764ca6a9cac..7eb3cd701eabe 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/import_export/import_outdated_prebuilt_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/import_export/import_outdated_prebuilt_rules.ts @@ -19,7 +19,7 @@ export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); const es = getService('es'); const log = getService('log'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const [PREBUILT_RULE_ID_A, PREBUILT_RULE_ID_B, PREBUILT_RULE_ID_C, PREBUILT_RULE_ID_D] = [ 'prebuilt-rule-a', @@ -117,7 +117,7 @@ export default ({ getService }: FtrProviderContext): void => { const { body: { data: importedRules }, - } = await securitySolutionApi + } = await detectionsApi .findRules({ query: {}, }) @@ -180,13 +180,13 @@ export default ({ getService }: FtrProviderContext): void => { await installPrebuiltRules(es, supertest); // Customize some of the installed prebuilt rules - await securitySolutionApi.patchRule({ + await detectionsApi.patchRule({ body: { rule_id: PREBUILT_RULE_ID_B, tags: ['custom-tag-b'], }, }); - await securitySolutionApi.patchRule({ + await detectionsApi.patchRule({ body: { rule_id: PREBUILT_RULE_ID_D, tags: ['custom-tag-d'], @@ -268,7 +268,7 @@ export default ({ getService }: FtrProviderContext): void => { const { body: { data: importedRules }, - } = await securitySolutionApi + } = await detectionsApi .findRules({ query: {}, }) @@ -391,13 +391,13 @@ export default ({ getService }: FtrProviderContext): void => { await installPrebuiltRules(es, supertest); // Customize some of the installed prebuilt rules - await securitySolutionApi.patchRule({ + await detectionsApi.patchRule({ body: { rule_id: PREBUILT_RULE_ID_B, tags: ['custom-tag-b'], }, }); - await securitySolutionApi.patchRule({ + await detectionsApi.patchRule({ body: { rule_id: PREBUILT_RULE_ID_D, tags: ['custom-tag-d'], @@ -450,7 +450,7 @@ export default ({ getService }: FtrProviderContext): void => { const { body: { data: importedRules }, - } = await securitySolutionApi + } = await detectionsApi .findRules({ query: {}, }) @@ -545,13 +545,13 @@ export default ({ getService }: FtrProviderContext): void => { await installPrebuiltRules(es, supertest); // Customize some of the installed prebuilt rules - await securitySolutionApi.patchRule({ + await detectionsApi.patchRule({ body: { rule_id: PREBUILT_RULE_ID_B, tags: ['custom-tag-b'], }, }); - await securitySolutionApi.patchRule({ + await detectionsApi.patchRule({ body: { rule_id: PREBUILT_RULE_ID_D, tags: ['custom-tag-d'], @@ -632,7 +632,7 @@ export default ({ getService }: FtrProviderContext): void => { const { body: { data: importedRules }, - } = await securitySolutionApi + } = await detectionsApi .findRules({ query: {}, }) diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/import_export/import_single_prebuilt_rule.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/import_export/import_single_prebuilt_rule.ts index a5829d478acd1..c4a23d973a91c 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/import_export/import_single_prebuilt_rule.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/import_export/import_single_prebuilt_rule.ts @@ -24,7 +24,7 @@ export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); const es = getService('es'); const log = getService('log'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const PREBUILT_RULE_ID = 'prebuilt-rule'; const PREBUILT_RULE_ASSET = createRuleAssetSavedObject({ @@ -99,7 +99,7 @@ export default ({ getService }: FtrProviderContext): void => { it('imports a non-customized prebuilt rule on top of an installed customized prebuilt rule', async () => { await installPrebuiltRules(es, supertest); - await securitySolutionApi.patchRule({ + await detectionsApi.patchRule({ body: { rule_id: PREBUILT_RULE_ID, name: 'Customized Rule', @@ -186,7 +186,7 @@ export default ({ getService }: FtrProviderContext): void => { it('imports a customized prebuilt rule on top of an installed customized prebuilt rule', async () => { await installPrebuiltRules(es, supertest); - await securitySolutionApi.patchRule({ + await detectionsApi.patchRule({ body: { rule_id: PREBUILT_RULE_ID, description: 'Customized Rule', @@ -215,7 +215,7 @@ export default ({ getService }: FtrProviderContext): void => { it('imports customized prebuilt rule fields on top of an installed customized prebuilt rule', async () => { await installPrebuiltRules(es, supertest); - await securitySolutionApi + await detectionsApi .patchRule({ body: { rule_id: PREBUILT_RULE_ID, @@ -271,7 +271,7 @@ export default ({ getService }: FtrProviderContext): void => { }); it('importing a custom rule on top of an existing custom rule', async () => { - await securitySolutionApi + await detectionsApi .createRule({ body: CUSTOM_RULE_TO_IMPORT, }) @@ -607,7 +607,7 @@ export default ({ getService }: FtrProviderContext): void => { it('imports an old non-customized prebuilt rule', async () => { await installPrebuiltRules(es, supertest); - await securitySolutionApi.patchRule({ + await detectionsApi.patchRule({ body: { rule_id: PREBUILT_RULE_ID, description: 'Customized Rule', @@ -653,7 +653,7 @@ export default ({ getService }: FtrProviderContext): void => { it('imports an old customized prebuilt rule', async () => { await installPrebuiltRules(es, supertest); - await securitySolutionApi.patchRule({ + await detectionsApi.patchRule({ body: { rule_id: PREBUILT_RULE_ID, name: 'Customized Rule', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/import_export/import_with_installing_package.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/import_export/import_with_installing_package.ts index 901b73b74dd29..9df8edd2a4afa 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/import_export/import_with_installing_package.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/import_export/import_with_installing_package.ts @@ -35,7 +35,7 @@ export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); const es = getService('es'); const log = getService('log'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const retryService = getService('retry'); describe('@ess @serverless @skipInServerlessMKI Import prebuilt rules when the package is not installed', () => { @@ -73,7 +73,7 @@ export default ({ getService }: FtrProviderContext): void => { const { body: { data: importedRules }, - } = await securitySolutionApi + } = await detectionsApi .findRules({ query: {}, }) @@ -164,7 +164,7 @@ export default ({ getService }: FtrProviderContext): void => { const { body: { data: importedRules }, - } = await securitySolutionApi + } = await detectionsApi .findRules({ query: {}, }) diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/import_export/import_with_missing_base_version.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/import_export/import_with_missing_base_version.ts index 4c1935195a4ce..cb4ac24fb589f 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/import_export/import_with_missing_base_version.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/import_export/import_with_missing_base_version.ts @@ -20,7 +20,7 @@ export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); const es = getService('es'); const log = getService('log'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const PREBUILT_RULE_ID = 'prebuilt-rule'; const CURRENT_PREBUILT_RULE_VERSION = 5; @@ -150,7 +150,7 @@ export default ({ getService }: FtrProviderContext): void => { it('imports a prebuilt rule with a missing base version when import payload IS NOT EQUAL to the installed and customized prebuilt rule', async () => { await installPrebuiltRules(es, supertest); - await securitySolutionApi + await detectionsApi .patchRule({ body: { rule_id: PREBUILT_RULE_ID, @@ -231,7 +231,7 @@ export default ({ getService }: FtrProviderContext): void => { it('imports a prebuilt rule with a missing base version when import payload IS EQUAL to the installed customized prebuilt rule', async () => { await installPrebuiltRules(es, supertest); - await securitySolutionApi + await detectionsApi .patchRule({ body: { rule_id: PREBUILT_RULE_ID, diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/import_export/import_with_missing_fields.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/import_export/import_with_missing_fields.ts index 1932e8764368a..76e1ddcd5e914 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/import_export/import_with_missing_fields.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/import_export/import_with_missing_fields.ts @@ -22,7 +22,7 @@ export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); const es = getService('es'); const log = getService('log'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const PREBUILT_RULE_ID = 'prebuilt-rule'; const PREBUILT_RULE_ASSET = createRuleAssetSavedObject({ @@ -201,7 +201,7 @@ export default ({ getService }: FtrProviderContext): void => { version: 3, }); - await securitySolutionApi + await detectionsApi .createRule({ body: CUSTOM_RULE, }) diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/install_prebuilt_rules/install_mocked_prebuilt_rule_assets.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/install_prebuilt_rules/install_mocked_prebuilt_rule_assets.ts index 268941d9989c4..570987db6a094 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/install_prebuilt_rules/install_mocked_prebuilt_rule_assets.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/install_prebuilt_rules/install_mocked_prebuilt_rule_assets.ts @@ -25,7 +25,7 @@ export default ({ getService }: FtrProviderContext): void => { const es = getService('es'); const supertest = getService('supertest'); const log = getService('log'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); describe('@ess @serverless @skipInServerlessMKI Install from mocked prebuilt rule assets', () => { beforeEach(async () => { @@ -203,7 +203,7 @@ export default ({ getService }: FtrProviderContext): void => { ]); await installPrebuiltRulesAndTimelines(es, supertest); - await securitySolutionApi + await detectionsApi .patchRule({ body: { rule_id: 'rule-1', @@ -230,7 +230,7 @@ export default ({ getService }: FtrProviderContext): void => { expect(response.rules_installed).toBe(0); expect(response.rules_updated).toBe(1); - const { body: prebuiltRule } = await securitySolutionApi.readRule({ + const { body: prebuiltRule } = await detectionsApi.readRule({ query: { rule_id: 'rule-1' }, }); @@ -253,7 +253,7 @@ export default ({ getService }: FtrProviderContext): void => { ]); await installPrebuiltRulesAndTimelines(es, supertest); - await securitySolutionApi + await detectionsApi .patchRule({ body: { rule_id: 'rule-1', @@ -279,7 +279,7 @@ export default ({ getService }: FtrProviderContext): void => { expect(response.rules_installed).toBe(0); expect(response.rules_updated).toBe(1); - const { body: prebuiltRule } = await securitySolutionApi.readRule({ + const { body: prebuiltRule } = await detectionsApi.readRule({ query: { rule_id: 'rule-1' }, }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/non_customizable_fields/non_customizable_fields.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/non_customizable_fields/non_customizable_fields.ts index 0fd2626e4e042..a64fa958a2307 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/non_customizable_fields/non_customizable_fields.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/non_customizable_fields/non_customizable_fields.ts @@ -26,7 +26,7 @@ import { export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const log = getService('log'); const es = getService('es'); const retryService = getService('retry'); @@ -54,7 +54,7 @@ export default ({ getService }: FtrProviderContext) => { await installPrebuiltRulesFromUploadedPackage(); await installPrebuiltRules(es, supertest); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .patchRule({ body: { rule_id: PREBUILT_RULE_ID_A, @@ -72,13 +72,13 @@ export default ({ getService }: FtrProviderContext) => { await installPrebuiltRulesFromUploadedPackage(); await installPrebuiltRules(es, supertest); - const { body: existingRule } = await securitySolutionApi + const { body: existingRule } = await detectionsApi .readRule({ query: { rule_id: PREBUILT_RULE_ID_A }, }) .expect(200); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .updateRule({ body: getCustomQueryRuleParams({ ...existingRule, diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/prebuilt_rules_package/air_gapped/bootstrap_prebuilt_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/prebuilt_rules_package/air_gapped/bootstrap_prebuilt_rules.ts index 32015fd865220..4616f7bb8189d 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/prebuilt_rules_package/air_gapped/bootstrap_prebuilt_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/prebuilt_rules_package/air_gapped/bootstrap_prebuilt_rules.ts @@ -18,7 +18,7 @@ export default ({ getService }: FtrProviderContext): void => { const log = getService('log'); const supertest = getService('supertest'); const retryService = getService('retry'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); describe('@ess @serverless @skipInServerlessMKI Bootstrap Prebuilt Rules', () => { beforeEach(async () => { @@ -27,7 +27,7 @@ export default ({ getService }: FtrProviderContext): void => { }); it('installs required Fleet packages required for detection engine to function', async () => { - const { body } = await securitySolutionApi.bootstrapPrebuiltRules().expect(200); + const { body } = await detectionsApi.bootstrapPrebuiltRules().expect(200); expect(body).toMatchObject({ packages: expect.arrayContaining([ @@ -45,9 +45,9 @@ export default ({ getService }: FtrProviderContext): void => { it('skips packages installation when the package has been already installed', async () => { // Install the packages - await securitySolutionApi.bootstrapPrebuiltRules().expect(200); + await detectionsApi.bootstrapPrebuiltRules().expect(200); // Try to install the packages again - const { body } = await securitySolutionApi.bootstrapPrebuiltRules().expect(200); + const { body } = await detectionsApi.bootstrapPrebuiltRules().expect(200); expect(body).toMatchObject({ packages: expect.arrayContaining([ diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/prebuilt_rules_package/install_package_from_epr.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/prebuilt_rules_package/install_package_from_epr.ts index 264069d1c4ce8..ec8c9996c544b 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/prebuilt_rules_package/install_package_from_epr.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/common/prebuilt_rules_package/install_package_from_epr.ts @@ -28,7 +28,7 @@ export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); const log = getService('log'); const retryService = getService('retry'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); describe('@ess @serverless @skipInServerlessMKI Install prebuilt rules from EPR', () => { beforeEach(async () => { @@ -44,7 +44,7 @@ export default ({ getService }: FtrProviderContext): void => { await deletePrebuiltRulesFleetPackage({ supertest, es, log, retryService }); await deleteEndpointFleetPackage({ supertest, es, log, retryService }); - const { body } = await securitySolutionApi.bootstrapPrebuiltRules().expect(200); + const { body } = await detectionsApi.bootstrapPrebuiltRules().expect(200); expect(body).toMatchObject({ packages: expect.arrayContaining([ diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/customization/unable_to_customize_via_bulk_editing.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/customization/unable_to_customize_via_bulk_editing.ts index f7280716b2280..aca350c8f3513 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/customization/unable_to_customize_via_bulk_editing.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_disabled/customization/unable_to_customize_via_bulk_editing.ts @@ -17,14 +17,14 @@ import { FtrProviderContext } from '../../../../../../ftr_provider_context'; export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); const es = getService('es'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const fetchPrebuiltRule = async () => { const { body: { data: [prebuiltRule], }, - } = await securitySolutionApi.findRules({ + } = await detectionsApi.findRules({ query: { filter: 'alert.attributes.params.immutable: true', per_page: 1, @@ -78,7 +78,7 @@ export default ({ getService }: FtrProviderContext): void => { const prebuiltRule = await fetchPrebuiltRule(); - await securitySolutionApi + await detectionsApi .performRulesBulkAction({ query: {}, body: { @@ -112,7 +112,7 @@ export default ({ getService }: FtrProviderContext): void => { await installMockPrebuiltRules(supertest, es); const prebuiltRule = await fetchPrebuiltRule(); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .performRulesBulkAction({ query: {}, body: { @@ -153,7 +153,7 @@ export default ({ getService }: FtrProviderContext): void => { }); // Check that the updates were not made - const { body: readRule } = await securitySolutionApi + const { body: readRule } = await detectionsApi .readRule({ query: { rule_id: prebuiltRule.rule_id } }) .expect(200); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/customize_via_bulk_editing.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/customize_via_bulk_editing.ts index 4c983c43eba79..9f7413ef2b762 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/customize_via_bulk_editing.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/customize_via_bulk_editing.ts @@ -25,7 +25,7 @@ import { FtrProviderContext } from '../../../../../../ftr_provider_context'; export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); const es = getService('es'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const log = getService('log'); describe('@ess @serverless @skipInServerless Customize via bulk editing', () => { @@ -92,7 +92,7 @@ export default ({ getService }: FtrProviderContext): void => { ): Promise => { const { body: { data: prebuiltRules }, - } = await securitySolutionApi + } = await detectionsApi .findRules({ query: { filter: 'alert.attributes.params.immutable: true', @@ -101,7 +101,7 @@ export default ({ getService }: FtrProviderContext): void => { }) .expect(200); - const { body: bulkEditResponse } = await securitySolutionApi + const { body: bulkEditResponse } = await detectionsApi .performRulesBulkAction({ query: {}, body: { diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/detect_customization_with_base_version.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/detect_customization_with_base_version.ts index bd39b615e9b25..78a3df13cef99 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/detect_customization_with_base_version.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/detect_customization_with_base_version.ts @@ -19,7 +19,7 @@ import { export default ({ getService }: FtrProviderContext): void => { const es = getService('es'); const supertest = getService('supertest'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const log = getService('log'); describe('@ess @serverless @skipInServerlessMKI Detect prebuilt rule customization (base version exists)', () => { @@ -40,14 +40,14 @@ export default ({ getService }: FtrProviderContext): void => { // isn't provided for non custom query rule types. ruleType?: RuleResponse['type']; }) => { - const { body: nonCustomizedRule } = await securitySolutionApi + const { body: nonCustomizedRule } = await detectionsApi .readRule({ query: { rule_id: PREBUILT_RULE_ID }, }) .expect(200); // Assert the customization for "fieldName" works - const { body: customizedResponse } = await securitySolutionApi + const { body: customizedResponse } = await detectionsApi .patchRule({ body: { rule_id: PREBUILT_RULE_ID, type: ruleType, [fieldName]: customizedValue }, }) @@ -59,7 +59,7 @@ export default ({ getService }: FtrProviderContext): void => { }); // Assert that patching the "fieldName" to its original value reverts the customization - const { body: customizationRevertedResponse } = await securitySolutionApi + const { body: customizationRevertedResponse } = await detectionsApi .updateRule({ body: { ...nonCustomizedRule, id: undefined }, }) @@ -202,13 +202,13 @@ export default ({ getService }: FtrProviderContext): void => { })); it('"timeline_template" fields', async () => { - const { body: nonCustomizedRule } = await securitySolutionApi + const { body: nonCustomizedRule } = await detectionsApi .readRule({ query: { rule_id: PREBUILT_RULE_ID }, }) .expect(200); - const { body: customizedResponse } = await securitySolutionApi + const { body: customizedResponse } = await detectionsApi .patchRule({ body: { rule_id: PREBUILT_RULE_ID, @@ -223,7 +223,7 @@ export default ({ getService }: FtrProviderContext): void => { is_customized: true, }); - const { body: customizationRevertedResponse } = await securitySolutionApi + const { body: customizationRevertedResponse } = await detectionsApi .updateRule({ body: { ...nonCustomizedRule, @@ -313,13 +313,13 @@ export default ({ getService }: FtrProviderContext): void => { })); it('"data_view_id" field', async () => { - const { body: nonCustomizedRule } = await securitySolutionApi + const { body: nonCustomizedRule } = await detectionsApi .readRule({ query: { rule_id: PREBUILT_RULE_ID }, }) .expect(200); - const { body: customizedResponse } = await securitySolutionApi + const { body: customizedResponse } = await detectionsApi .patchRule({ body: { rule_id: PREBUILT_RULE_ID, data_view_id: 'new-data-view', index: [] }, }) @@ -330,7 +330,7 @@ export default ({ getService }: FtrProviderContext): void => { is_customized: true, }); - const { body: customizationRevertedResponse } = await securitySolutionApi + const { body: customizationRevertedResponse } = await detectionsApi .updateRule({ body: { ...nonCustomizedRule, diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/detect_customization_without_base_version.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/detect_customization_without_base_version.ts index 15a648b797983..c45cf053cbf3c 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/detect_customization_without_base_version.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/detect_customization_without_base_version.ts @@ -19,7 +19,7 @@ import { export default ({ getService }: FtrProviderContext): void => { const es = getService('es'); const supertest = getService('supertest'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const log = getService('log'); describe('@ess @serverless @skipInServerlessMKI Detect prebuilt rule customization (base version is missing)', () => { @@ -41,7 +41,7 @@ export default ({ getService }: FtrProviderContext): void => { ruleType?: RuleResponse['type']; }) => { // Assert the customization for "fieldName" works - const { body: customizedResponse } = await securitySolutionApi + const { body: customizedResponse } = await detectionsApi .patchRule({ body: { rule_id: PREBUILT_RULE_ID, type: ruleType, [fieldName]: customizedValue }, }) @@ -185,7 +185,7 @@ export default ({ getService }: FtrProviderContext): void => { })); it('"timeline_template" fields', async () => { - const { body: customizedResponse } = await securitySolutionApi + const { body: customizedResponse } = await detectionsApi .patchRule({ body: { rule_id: PREBUILT_RULE_ID, @@ -277,7 +277,7 @@ export default ({ getService }: FtrProviderContext): void => { })); it('"data_view_id" field', async () => { - const { body: customizedResponse } = await securitySolutionApi + const { body: customizedResponse } = await detectionsApi .patchRule({ body: { rule_id: PREBUILT_RULE_ID, data_view_id: 'new-data-view', index: [] }, }) diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/unaffected_fields.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/unaffected_fields.ts index 07ced0d016881..8ef60ad08c9fc 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/unaffected_fields.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/customization/unaffected_fields.ts @@ -23,7 +23,7 @@ import { export default ({ getService }: FtrProviderContext): void => { const es = getService('es'); const supertest = getService('supertest'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const log = getService('log'); describe('@ess @serverless @skipInServerlessMKI Skip customization detection for unaffected prebuilt rule fields', () => { @@ -41,7 +41,7 @@ export default ({ getService }: FtrProviderContext): void => { fieldName: string; value: unknown; }) => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .patchRule({ body: { rule_id: PREBUILT_RULE_ID, [fieldName]: value }, }) @@ -102,7 +102,7 @@ export default ({ getService }: FtrProviderContext): void => { })); it('leaves "is_customized" intact when bulk edit does not change the field value', async () => { - const { body: prebuiltRule } = await securitySolutionApi + const { body: prebuiltRule } = await detectionsApi .readRule({ query: { rule_id: PREBUILT_RULE_ID }, }) @@ -110,7 +110,7 @@ export default ({ getService }: FtrProviderContext): void => { expect(prebuiltRule.rule_source.is_customized).toEqual(false); - const { body: bulkResult } = await securitySolutionApi + const { body: bulkResult } = await detectionsApi .performRulesBulkAction({ query: {}, body: { @@ -135,7 +135,7 @@ export default ({ getService }: FtrProviderContext): void => { }); // Check that the rule has not been customized - const { body: unchangedPrebuiltRule } = await securitySolutionApi + const { body: unchangedPrebuiltRule } = await detectionsApi .readRule({ query: { rule_id: PREBUILT_RULE_ID }, }) @@ -147,7 +147,7 @@ export default ({ getService }: FtrProviderContext): void => { describe('cannot change non-customizable rule fields', () => { it('"id" field', async () => { - await securitySolutionApi + await detectionsApi .patchRule({ body: { rule_id: PREBUILT_RULE_ID, @@ -158,7 +158,7 @@ export default ({ getService }: FtrProviderContext): void => { }); it('"author" field', async () => { - await securitySolutionApi + await detectionsApi .patchRule({ body: { rule_id: PREBUILT_RULE_ID, @@ -169,7 +169,7 @@ export default ({ getService }: FtrProviderContext): void => { }); it('"license" field', async () => { - await securitySolutionApi + await detectionsApi .patchRule({ body: { rule_id: PREBUILT_RULE_ID, diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/test_helpers.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/test_helpers.ts index 6ae9d66fef1d9..117714a8de982 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/test_helpers.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/diffable_rule_fields/test_helpers.ts @@ -199,13 +199,13 @@ export function testFieldUpgradesToMergedValue( const es = getService('es'); const supertest = getService('supertest'); const log = getService('log'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const deps = { es, supertest, log, - securitySolutionApi, + detectionsApi, }; it('upgrades to MERGED value', async () => { @@ -234,7 +234,7 @@ export function testFieldUpgradesToMergedValue( ], }); - const upgradedRule = await securitySolutionApi.readRule({ + const upgradedRule = await detectionsApi.readRule({ query: { rule_id: DEFAULT_TEST_RULE_ID }, }); @@ -273,13 +273,13 @@ export function testFieldUpgradesToResolvedValue( const es = getService('es'); const supertest = getService('supertest'); const log = getService('log'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const deps = { es, supertest, log, - securitySolutionApi, + detectionsApi, }; it('upgrades to RESOLVED value', async () => { @@ -308,7 +308,7 @@ export function testFieldUpgradesToResolvedValue( ], }); - const upgradedRule = await deps.securitySolutionApi.readRule({ + const upgradedRule = await deps.detectionsApi.readRule({ query: { rule_id: DEFAULT_TEST_RULE_ID }, }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/upgrade_single_prebuilt_rule.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/upgrade_single_prebuilt_rule.ts index 3328167ee5005..665780728522e 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/upgrade_single_prebuilt_rule.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/customization_enabled/upgrade_prebuilt_rules/upgrade_single_prebuilt_rule.ts @@ -24,7 +24,7 @@ export default ({ getService }: FtrProviderContext): void => { const es = getService('es'); const supertest = getService('supertest'); const log = getService('log'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const deps = { es, supertest, @@ -83,7 +83,7 @@ export default ({ getService }: FtrProviderContext): void => { }, ], }); - const upgradedRule = await securitySolutionApi.readRule({ + const upgradedRule = await detectionsApi.readRule({ query: { rule_id: DEFAULT_TEST_RULE_ID }, }); @@ -129,7 +129,7 @@ export default ({ getService }: FtrProviderContext): void => { }, ], }); - const upgradedRule = await securitySolutionApi.readRule({ + const upgradedRule = await detectionsApi.readRule({ query: { rule_id: DEFAULT_TEST_RULE_ID }, }); @@ -179,7 +179,7 @@ export default ({ getService }: FtrProviderContext): void => { }, ], }); - const upgradedRule = await securitySolutionApi.readRule({ + const upgradedRule = await detectionsApi.readRule({ query: { rule_id: DEFAULT_TEST_RULE_ID }, }); @@ -226,7 +226,7 @@ export default ({ getService }: FtrProviderContext): void => { }, ], }); - const upgradedRule = await securitySolutionApi.readRule({ + const upgradedRule = await detectionsApi.readRule({ query: { rule_id: DEFAULT_TEST_RULE_ID }, }); @@ -343,7 +343,7 @@ export default ({ getService }: FtrProviderContext): void => { mode: ModeEnum.ALL_RULES, pick_version: 'TARGET', }); - const upgradedRule = await securitySolutionApi.readRule({ + const upgradedRule = await detectionsApi.readRule({ query: { rule_id: DEFAULT_TEST_RULE_ID }, }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action.ts index 1a9f41830d941..b763c83fbeedc 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action.ts @@ -41,7 +41,7 @@ import { FtrProviderContext } from '../../../../../ftr_provider_context'; export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const es = getService('es'); const log = getService('log'); const esArchiver = getService('esArchiver'); @@ -96,7 +96,7 @@ export default ({ getService }: FtrProviderContext): void => { it('should export rules', async () => { const mockRule = getCustomQueryRuleParams(); - await securitySolutionApi.createRule({ body: mockRule }); + await detectionsApi.createRule({ body: mockRule }); const { body } = await postBulkAction() .send({ query: '', action: BulkActionTypeEnum.export }) @@ -142,9 +142,9 @@ export default ({ getService }: FtrProviderContext): void => { }; const mockRule = getCustomQueryRuleParams(defaultableFields); - await securitySolutionApi.createRule({ body: mockRule }); + await detectionsApi.createRule({ body: mockRule }); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .performRulesBulkAction({ query: {}, body: { @@ -285,7 +285,7 @@ export default ({ getService }: FtrProviderContext): void => { ], }); - await securitySolutionApi.createRule({ body: ruleToDuplicate }); + await detectionsApi.createRule({ body: ruleToDuplicate }); const { body } = await postBulkAction() .send({ @@ -303,12 +303,12 @@ export default ({ getService }: FtrProviderContext): void => { ); // Check that the updates have been persisted - const { body: rulesResponse } = await securitySolutionApi.findRules({ query: {} }); + const { body: rulesResponse } = await detectionsApi.findRules({ query: {} }); expect(rulesResponse.total).toEqual(2); const duplicatedRuleId = body.attributes.results.created[0].id; - const { body: duplicatedRule } = await securitySolutionApi + const { body: duplicatedRule } = await detectionsApi .readRule({ query: { id: duplicatedRuleId }, }) @@ -1121,7 +1121,7 @@ export default ({ getService }: FtrProviderContext): void => { const ruleId = 'ruleId'; await createRule(supertest, log, getSimpleRule(ruleId)); - const { body: bulkEditResponse } = await securitySolutionApi + const { body: bulkEditResponse } = await detectionsApi .performRulesBulkAction({ query: {}, body: { @@ -1164,7 +1164,7 @@ export default ({ getService }: FtrProviderContext): void => { investigation_fields: investigationFields, }); - const { body: bulkEditResponse } = await securitySolutionApi + const { body: bulkEditResponse } = await detectionsApi .performRulesBulkAction({ query: {}, body: { @@ -1207,7 +1207,7 @@ export default ({ getService }: FtrProviderContext): void => { investigation_fields: investigationFields, }); - const { body: bulkEditResponse } = await securitySolutionApi + const { body: bulkEditResponse } = await detectionsApi .performRulesBulkAction({ query: {}, body: { @@ -1283,7 +1283,7 @@ export default ({ getService }: FtrProviderContext): void => { investigation_fields: existingInvestigationFields, }); - const { body: bulkEditResponse } = await securitySolutionApi + const { body: bulkEditResponse } = await detectionsApi .performRulesBulkAction({ query: {}, body: { @@ -2257,7 +2257,7 @@ export default ({ getService }: FtrProviderContext): void => { const endDate = moment(); const startDate = endDate.clone().subtract(1, 'h'); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .performRulesBulkAction({ query: {}, body: { @@ -2305,7 +2305,7 @@ export default ({ getService }: FtrProviderContext): void => { const endDate = moment(); const startDate = endDate.clone().subtract(1, 'h'); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .performRulesBulkAction({ query: {}, body: { @@ -2347,7 +2347,7 @@ export default ({ getService }: FtrProviderContext): void => { const endDate = moment().subtract(1, 'h'); const startDate = endDate.clone(); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .performRulesBulkAction({ query: {}, body: { @@ -2388,7 +2388,7 @@ export default ({ getService }: FtrProviderContext): void => { const startDate = moment().add(1, 'd'); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .performRulesBulkAction({ query: {}, body: { @@ -2427,7 +2427,7 @@ export default ({ getService }: FtrProviderContext): void => { const endDate = moment().add(1, 'd'); const startDate = moment().subtract(1, 'd'); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .performRulesBulkAction({ query: {}, body: { @@ -2469,7 +2469,7 @@ export default ({ getService }: FtrProviderContext): void => { const endDate = moment(); const startDate = moment().subtract(MAX_MANUAL_RULE_RUN_LOOKBACK_WINDOW_DAYS + 1, 'd'); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .performRulesBulkAction({ query: {}, body: { @@ -2504,7 +2504,7 @@ export default ({ getService }: FtrProviderContext): void => { const endDate = moment(); const startDate = endDate.clone().subtract(1, 'h'); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .performRulesBulkAction({ query: {}, body: { @@ -2562,7 +2562,7 @@ export default ({ getService }: FtrProviderContext): void => { const endDate = moment(); const startDate = endDate.clone().subtract(1, 'h'); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .performRulesBulkAction({ query: {}, body: { diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action_dry_run.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action_dry_run.ts index 2933c585c0861..c61dd595c3221 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action_dry_run.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action_dry_run.ts @@ -21,7 +21,7 @@ import { FtrProviderContext } from '../../../../../ftr_provider_context'; export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const log = getService('log'); const es = getService('es'); @@ -38,7 +38,7 @@ export default ({ getService }: FtrProviderContext): void => { it('should not support export action', async () => { await createRule(supertest, log, getSimpleRule()); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .performRulesBulkAction({ query: { dry_run: true }, body: { action: BulkActionTypeEnum.export }, @@ -56,7 +56,7 @@ export default ({ getService }: FtrProviderContext): void => { const testRule = getSimpleRule(ruleId); await createRule(supertest, log, testRule); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .performRulesBulkAction({ query: { dry_run: true }, body: { action: BulkActionTypeEnum.delete }, @@ -73,14 +73,14 @@ export default ({ getService }: FtrProviderContext): void => { }); // Check that rule wasn't deleted - await securitySolutionApi.readRule({ query: { rule_id: ruleId } }).expect(200); + await detectionsApi.readRule({ query: { rule_id: ruleId } }).expect(200); }); it('should handle enable action', async () => { const ruleId = 'ruleId'; await createRule(supertest, log, getSimpleRule(ruleId)); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .performRulesBulkAction({ query: { dry_run: true }, body: { action: BulkActionTypeEnum.enable }, @@ -97,7 +97,7 @@ export default ({ getService }: FtrProviderContext): void => { }); // Check that the updates have not been persisted - const { body: ruleBody } = await securitySolutionApi + const { body: ruleBody } = await detectionsApi .readRule({ query: { rule_id: ruleId } }) .expect(200); expect(ruleBody.enabled).toBe(false); @@ -107,7 +107,7 @@ export default ({ getService }: FtrProviderContext): void => { const ruleId = 'ruleId'; await createRule(supertest, log, getSimpleRule(ruleId, true)); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .performRulesBulkAction({ query: { dry_run: true }, body: { action: BulkActionTypeEnum.disable }, @@ -124,7 +124,7 @@ export default ({ getService }: FtrProviderContext): void => { }); // Check that the updates have not been persisted - const { body: ruleBody } = await securitySolutionApi + const { body: ruleBody } = await detectionsApi .readRule({ query: { rule_id: ruleId } }) .expect(200); expect(ruleBody.enabled).toBe(true); @@ -135,7 +135,7 @@ export default ({ getService }: FtrProviderContext): void => { const ruleToDuplicate = getSimpleRule(ruleId); await createRule(supertest, log, ruleToDuplicate); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .performRulesBulkAction({ query: { dry_run: true }, body: { action: BulkActionTypeEnum.disable }, @@ -152,9 +152,7 @@ export default ({ getService }: FtrProviderContext): void => { }); // Check that the rule wasn't duplicated - const { body: rulesResponse } = await securitySolutionApi - .findRules({ query: {} }) - .expect(200); + const { body: rulesResponse } = await detectionsApi.findRules({ query: {} }).expect(200); expect(rulesResponse.total).toBe(1); }); @@ -165,7 +163,7 @@ export default ({ getService }: FtrProviderContext): void => { const tags = ['tag1', 'tag2']; await createRule(supertest, log, { ...getSimpleRule(ruleId), tags }); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .performRulesBulkAction({ query: { dry_run: true }, body: { @@ -190,7 +188,7 @@ export default ({ getService }: FtrProviderContext): void => { }); // Check that the updates have not been persisted - const { body: ruleBody } = await securitySolutionApi + const { body: ruleBody } = await detectionsApi .readRule({ query: { rule_id: ruleId } }) .expect(200); expect(ruleBody.tags).toEqual(tags); @@ -207,7 +205,7 @@ export default ({ getService }: FtrProviderContext): void => { it(`should return error if ${editAction} action is applied to machine learning rule`, async () => { const mlRule = await createRule(supertest, log, getSimpleMlRule()); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .performRulesBulkAction({ query: { dry_run: true }, body: { @@ -274,7 +272,7 @@ export default ({ getService }: FtrProviderContext): void => { const endDate = moment(); const startDate = endDate.clone().subtract(1, 'h'); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .performRulesBulkAction({ query: { dry_run: true }, body: { @@ -313,7 +311,7 @@ export default ({ getService }: FtrProviderContext): void => { const endDate = moment(); const startDate = endDate.clone().subtract(1, 'h'); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .performRulesBulkAction({ query: { dry_run: true }, body: { @@ -371,7 +369,7 @@ export default ({ getService }: FtrProviderContext): void => { const endDate = moment(); const startDate = endDate.clone().subtract(1, 'h'); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .performRulesBulkAction({ query: { dry_run: true }, body: { diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action_ess.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action_ess.ts index b3de11539e130..0d54d481f4109 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action_ess.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action_ess.ts @@ -36,7 +36,7 @@ const MINIMUM_RULE_INTERVAL_FOR_LEGACY_ACTION = '1h'; export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const es = getService('es'); const log = getService('log'); @@ -81,7 +81,7 @@ export default ({ getService }: FtrProviderContext): void => { expect(sidecarActionsResults.hits.hits.length).toBe(1); expect(sidecarActionsResults.hits.hits[0]?._source?.references[0].id).toBe(rule.id); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .performRulesBulkAction({ body: { query: '', action: BulkActionTypeEnum.delete }, query: {}, @@ -98,7 +98,7 @@ export default ({ getService }: FtrProviderContext): void => { expect(sidecarActionsPostResults.hits.hits.length).toBe(0); // Check that the updates have been persisted - await securitySolutionApi.readRule({ query: { rule_id: ruleId } }).expect(404); + await detectionsApi.readRule({ query: { rule_id: ruleId } }).expect(404); }); it('should enable rules and migrate actions', async () => { @@ -132,7 +132,7 @@ export default ({ getService }: FtrProviderContext): void => { expect(sidecarActionsResults.hits.hits.length).toBe(1); expect(sidecarActionsResults.hits.hits[0]?._source?.references[0].id).toBe(rule.id); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .performRulesBulkAction({ body: { query: '', action: BulkActionTypeEnum.enable }, query: {}, @@ -145,7 +145,7 @@ export default ({ getService }: FtrProviderContext): void => { expect(body.attributes.results.updated[0].enabled).toBeTruthy(); // Check that the updates have been persisted - const { body: ruleBody } = await securitySolutionApi + const { body: ruleBody } = await detectionsApi .readRule({ query: { rule_id: ruleId } }) .expect(200); @@ -200,7 +200,7 @@ export default ({ getService }: FtrProviderContext): void => { expect(sidecarActionsResults.hits.hits.length).toBe(1); expect(sidecarActionsResults.hits.hits[0]?._source?.references[0].id).toBe(rule.id); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .performRulesBulkAction({ body: { query: '', action: BulkActionTypeEnum.disable }, query: {}, @@ -213,7 +213,7 @@ export default ({ getService }: FtrProviderContext): void => { expect(body.attributes.results.updated[0].enabled).toBeFalsy(); // Check that the updates have been persisted - const { body: ruleBody } = await securitySolutionApi + const { body: ruleBody } = await detectionsApi .readRule({ query: { rule_id: ruleId } }) .expect(200); @@ -267,7 +267,7 @@ export default ({ getService }: FtrProviderContext): void => { ruleToDuplicate.id ); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .performRulesBulkAction({ body: { query: '', @@ -284,9 +284,7 @@ export default ({ getService }: FtrProviderContext): void => { expect(body.attributes.results.created[0].name).toBe(`${ruleToDuplicate.name} [Duplicate]`); // Check that the updates have been persisted - const { body: rulesResponse } = await securitySolutionApi - .findRules({ query: {} }) - .expect(200); + const { body: rulesResponse } = await detectionsApi.findRules({ query: {} }).expect(200); expect(rulesResponse.total).toBe(2); @@ -309,7 +307,7 @@ export default ({ getService }: FtrProviderContext): void => { it('should set rule_source to "internal" when duplicating a rule', async () => { await createRule(supertest, log, getCustomQueryRuleParams()); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .performRulesBulkAction({ body: { query: '', @@ -331,7 +329,7 @@ export default ({ getService }: FtrProviderContext): void => { it('should return error if index patterns action is applied to ES|QL rule', async () => { const esqlRule = await createRule(supertest, log, getCreateEsqlRulesSchemaMock()); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .performRulesBulkAction({ body: { ids: [esqlRule.id], @@ -398,7 +396,7 @@ export default ({ getService }: FtrProviderContext): void => { ruleToDuplicate.id ); - const { body: setTagsBody } = await securitySolutionApi + const { body: setTagsBody } = await detectionsApi .performRulesBulkAction({ body: { query: '', @@ -422,7 +420,7 @@ export default ({ getService }: FtrProviderContext): void => { }); // Check that the updates have been persisted - const { body: setTagsRule } = await securitySolutionApi + const { body: setTagsRule } = await detectionsApi .readRule({ query: { rule_id: ruleId } }) .expect(200); @@ -489,7 +487,7 @@ export default ({ getService }: FtrProviderContext): void => { createdRule.id ); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .performRulesBulkAction({ body: { ids: [createdRule.id], @@ -527,7 +525,7 @@ export default ({ getService }: FtrProviderContext): void => { expect(body.attributes.results.updated[0].actions).toEqual(expectedRuleActions); // Check that the updates have been persisted - const { body: readRule } = await securitySolutionApi + const { body: readRule } = await detectionsApi .readRule({ query: { rule_id: ruleId } }) .expect(200); @@ -563,7 +561,7 @@ export default ({ getService }: FtrProviderContext): void => { }), ]); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .performRulesBulkAction({ body: { query: '', action: BulkActionTypeEnum.export }, query: {}, @@ -649,7 +647,7 @@ export default ({ getService }: FtrProviderContext): void => { }), ]); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .performRulesBulkAction({ body: { query: '', action: BulkActionTypeEnum.delete }, query: {}, @@ -676,15 +674,15 @@ export default ({ getService }: FtrProviderContext): void => { }); // Check that the updates have been persisted - await securitySolutionApi + await detectionsApi .readRule({ query: { rule_id: ruleWithLegacyInvestigationField.params.ruleId } }) .expect(404); - await securitySolutionApi + await detectionsApi .readRule({ query: { rule_id: ruleWithLegacyInvestigationFieldEmptyArray.params.ruleId }, }) .expect(404); - await securitySolutionApi + await detectionsApi .readRule({ query: { rule_id: 'rule-with-investigation-field' } }) .expect(404); }); @@ -707,7 +705,7 @@ export default ({ getService }: FtrProviderContext): void => { }), ]); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .performRulesBulkAction({ body: { query: '', action: BulkActionTypeEnum.enable }, query: {}, @@ -795,7 +793,7 @@ export default ({ getService }: FtrProviderContext): void => { }), ]); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .performRulesBulkAction({ body: { query: '', action: BulkActionTypeEnum.disable }, query: {}, @@ -889,7 +887,7 @@ export default ({ getService }: FtrProviderContext): void => { }), ]); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .performRulesBulkAction({ body: { query: '', @@ -911,7 +909,7 @@ export default ({ getService }: FtrProviderContext): void => { expect(names.includes('Test investigation fields object [Duplicate]')).toBeTruthy(); // Check that the updates have been persisted - const { body: rulesResponse } = await await securitySolutionApi + const { body: rulesResponse } = await await detectionsApi .findRules({ query: {} }) .expect(200); @@ -1026,7 +1024,7 @@ export default ({ getService }: FtrProviderContext): void => { }), ]); - const { body } = await securitySolutionApi.performRulesBulkAction({ + const { body } = await detectionsApi.performRulesBulkAction({ body: { query: '', action: BulkActionTypeEnum.edit, diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_enable_disable.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_enable_disable.ts index 1baa69cd8dfb7..f78a0de528eb6 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_enable_disable.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_enable_disable.ts @@ -13,7 +13,7 @@ import { FtrProviderContext } from '../../../../../ftr_provider_context'; export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const log = getService('log'); describe('@ess @serverless @serverlessQA Bulk enable/disable', () => { @@ -29,7 +29,7 @@ export default ({ getService }: FtrProviderContext): void => { getCustomQueryRuleParams({ rule_id: ruleId, enabled: false }) ); - const { body } = await securitySolutionApi.performRulesBulkAction({ + const { body } = await detectionsApi.performRulesBulkAction({ query: {}, body: { action: BulkActionTypeEnum.enable }, }); @@ -52,7 +52,7 @@ export default ({ getService }: FtrProviderContext): void => { getCustomQueryRuleParams({ rule_id: ruleId, enabled: true }) ); - const { body } = await securitySolutionApi.performRulesBulkAction({ + const { body } = await detectionsApi.performRulesBulkAction({ query: {}, body: { action: BulkActionTypeEnum.disable }, }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/basic_license_essentials_tier/create_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/basic_license_essentials_tier/create_rules.ts index 9f1f662e40cb6..9c4b76b991b9f 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/basic_license_essentials_tier/create_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/basic_license_essentials_tier/create_rules.ts @@ -29,7 +29,7 @@ import { EsArchivePathBuilder } from '../../../../../es_archive_path_builder'; export default ({ getService }: FtrProviderContext) => { const esArchiver = getService('esArchiver'); const supertest = getService('supertest'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const log = getService('log'); const es = getService('es'); const utils = getService('securitySolutionUtils'); @@ -59,9 +59,7 @@ export default ({ getService }: FtrProviderContext) => { }); it('should create a single rule with a rule_id', async () => { - const { body } = await securitySolutionApi - .createRule({ body: getSimpleRule() }) - .expect(200); + const { body } = await detectionsApi.createRule({ body: getSimpleRule() }).expect(200); const bodyToCompare = removeServerGeneratedProperties(body); const expectedRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername()); @@ -92,13 +90,13 @@ export default ({ getService }: FtrProviderContext) => { ], }; - const { body: createdRuleResponse } = await securitySolutionApi + const { body: createdRuleResponse } = await detectionsApi .createRule({ body: ruleCreateProperties }) .expect(200); expect(createdRuleResponse).toMatchObject(expectedRule); - const { body: createdRule } = await securitySolutionApi + const { body: createdRule } = await detectionsApi .readRule({ query: { rule_id: 'rule-1' }, }) @@ -119,7 +117,7 @@ export default ({ getService }: FtrProviderContext) => { query: 'user.name: root or user.name: admin', }; - const { body } = await securitySolutionApi.createRule({ body: rule }).expect(200); + const { body } = await detectionsApi.createRule({ body: rule }).expect(200); const bodyToCompare = removeServerGeneratedProperties(body); const expectedRule = updateUsername( @@ -166,7 +164,7 @@ export default ({ getService }: FtrProviderContext) => { }); it('should create a single rule without a rule_id', async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .createRule({ body: getSimpleRuleWithoutRuleId() }) .expect(200); @@ -180,11 +178,9 @@ export default ({ getService }: FtrProviderContext) => { }); it('should cause a 409 conflict if we attempt to create the same rule_id twice', async () => { - await securitySolutionApi.createRule({ body: getSimpleRule() }).expect(200); + await detectionsApi.createRule({ body: getSimpleRule() }).expect(200); - const { body } = await securitySolutionApi - .createRule({ body: getSimpleRule() }) - .expect(409); + const { body } = await detectionsApi.createRule({ body: getSimpleRule() }).expect(409); expect(body).toEqual({ message: 'rule_id: "rule-1" already exists', @@ -198,7 +194,7 @@ export default ({ getService }: FtrProviderContext) => { }); it('creates a rule with max_signals defaulted to 100 when not present', async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .createRule({ body: getCustomQueryRuleParams(), }) @@ -208,7 +204,7 @@ export default ({ getService }: FtrProviderContext) => { }); it('does NOT create a rule when max_signals is less than 1', async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .createRule({ body: { ...getCustomQueryRuleParams(), @@ -231,7 +227,7 @@ export default ({ getService }: FtrProviderContext) => { expect(customQueryRuleParams.required_fields).toBeUndefined(); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .createRule({ body: customQueryRuleParams, }) @@ -239,7 +235,7 @@ export default ({ getService }: FtrProviderContext) => { expect(body.required_fields).toEqual([]); - const { body: createdRule } = await securitySolutionApi + const { body: createdRule } = await detectionsApi .readRule({ query: { rule_id: 'rule-without-required-fields' }, }) diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/basic_license_essentials_tier/create_rules_bulk.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/basic_license_essentials_tier/create_rules_bulk.ts index e212a57c39d83..dc5009816c74f 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/basic_license_essentials_tier/create_rules_bulk.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/basic_license_essentials_tier/create_rules_bulk.ts @@ -28,7 +28,7 @@ import { export default ({ getService }: FtrProviderContext): void => { const esArchiver = getService('esArchiver'); const supertest = getService('supertest'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const log = getService('log'); const es = getService('es'); // TODO: add a new service for loading archiver files similar to "getService('es')" @@ -58,7 +58,7 @@ export default ({ getService }: FtrProviderContext): void => { }); it('should create a single rule with a rule_id', async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .bulkCreateRules({ body: [getSimpleRule()] }) .expect(200); @@ -91,13 +91,13 @@ export default ({ getService }: FtrProviderContext): void => { ], }; - const { body: createdRulesBulkResponse } = await securitySolutionApi + const { body: createdRulesBulkResponse } = await detectionsApi .bulkCreateRules({ body: [ruleCreateProperties] }) .expect(200); expect(createdRulesBulkResponse[0]).toMatchObject(expectedRule); - const { body: createdRule } = await securitySolutionApi + const { body: createdRule } = await detectionsApi .readRule({ query: { rule_id: 'rule-1' }, }) @@ -107,7 +107,7 @@ export default ({ getService }: FtrProviderContext): void => { }); it('should create a single rule without a rule_id', async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .bulkCreateRules({ body: [getSimpleRuleWithoutRuleId()] }) .expect(200); @@ -121,7 +121,7 @@ export default ({ getService }: FtrProviderContext): void => { }); it('should return a 200 ok but have a 409 conflict if we attempt to create the same rule_id twice', async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .bulkCreateRules({ body: [getSimpleRule(), getSimpleRule()] }) .expect(200); @@ -137,9 +137,9 @@ export default ({ getService }: FtrProviderContext): void => { }); it('should return a 200 ok but have a 409 conflict if we attempt to create the same rule_id that already exists', async () => { - await securitySolutionApi.bulkCreateRules({ body: [getSimpleRule()] }).expect(200); + await detectionsApi.bulkCreateRules({ body: [getSimpleRule()] }).expect(200); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .bulkCreateRules({ body: [getSimpleRule()] }) .expect(200); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/trial_license_complete_tier/create_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/trial_license_complete_tier/create_rules.ts index 10bde240ec36c..d451367546e00 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/trial_license_complete_tier/create_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/trial_license_complete_tier/create_rules.ts @@ -44,7 +44,7 @@ import { export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const supertestWithoutAuth = getService('supertestWithoutAuth'); const log = getService('log'); const es = getService('es'); @@ -74,7 +74,7 @@ export default ({ getService }: FtrProviderContext) => { describe('elastic admin', () => { it('creates a custom query rule', async () => { const username = await utils.getUsername(); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .createRule({ body: getCustomQueryRuleParams() }) .expect(200); @@ -95,7 +95,7 @@ export default ({ getService }: FtrProviderContext) => { saved_id: 'my-saved-query-id', }); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .createRule({ body: savedQueryRuleParams }) .expect(200); @@ -130,7 +130,7 @@ export default ({ getService }: FtrProviderContext) => { it('expects rule runs successfully', async () => { const { body: { id }, - } = await securitySolutionApi + } = await detectionsApi .createRule({ body: getCustomQueryRuleParams({ enabled: true }) }) .expect(200); @@ -144,7 +144,7 @@ export default ({ getService }: FtrProviderContext) => { it('expects rule partial failure due to index pattern matching nothing', async () => { const { body: { id }, - } = await securitySolutionApi + } = await detectionsApi .createRule({ body: getCustomQueryRuleParams({ index: ['does-not-exist-*'], @@ -170,7 +170,7 @@ export default ({ getService }: FtrProviderContext) => { it('expects rule runs successfully with only one index pattern matching existing index', async () => { const { body: { id }, - } = await securitySolutionApi + } = await detectionsApi .createRule({ body: getCustomQueryRuleParams({ index: ['does-not-exist-*', 'logs-test'], @@ -191,7 +191,7 @@ export default ({ getService }: FtrProviderContext) => { index: undefined, }); - const { body } = await securitySolutionApi.createRule({ body: ruleParams }).expect(200); + const { body } = await detectionsApi.createRule({ body: ruleParams }).expect(200); expect(body.index).toBeUndefined(); expect(body).toEqual(expect.objectContaining(omit(ruleParams, 'index'))); @@ -202,7 +202,7 @@ export default ({ getService }: FtrProviderContext) => { rule_id: undefined, }); - const { body } = await securitySolutionApi.createRule({ body: ruleParams }).expect(200); + const { body } = await detectionsApi.createRule({ body: ruleParams }).expect(200); expect(body).toEqual( expect.objectContaining({ ...ruleParams, rule_id: expect.any(String) }) @@ -210,7 +210,7 @@ export default ({ getService }: FtrProviderContext) => { }); it('creates a ML rule with legacy machine_learning_job_id', async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .createRule({ body: getMLRuleParams({ machine_learning_job_id: 'some_job_id' }) }) .expect(200); @@ -222,17 +222,17 @@ export default ({ getService }: FtrProviderContext) => { it('creates a ML rule', async () => { const ruleParams = getMLRuleParams({ machine_learning_job_id: ['some_job_id'] }); - const { body } = await securitySolutionApi.createRule({ body: ruleParams }).expect(200); + const { body } = await detectionsApi.createRule({ body: ruleParams }).expect(200); expect(body).toEqual(expect.objectContaining(ruleParams)); }); it('causes a 409 conflict if the same rule_id is used twice', async () => { - await securitySolutionApi + await detectionsApi .createRule({ body: getCustomQueryRuleParams({ rule_id: 'rule-1' }) }) .expect(200); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .createRule({ body: getCustomQueryRuleParams({ rule_id: 'rule-1' }) }) .expect(409); @@ -245,7 +245,7 @@ export default ({ getService }: FtrProviderContext) => { describe('exception', () => { it('does NOT create a rule if trying to add more than one default rule exception list', async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .createRule({ body: getCustomQueryRuleParams({ exceptions_list: [ @@ -273,7 +273,7 @@ export default ({ getService }: FtrProviderContext) => { }); it('does NOT create a rule when there is an attempt to share non sharable exception ("rule_default" type)', async () => { - const { body: ruleWithException } = await securitySolutionApi + const { body: ruleWithException } = await detectionsApi .createRule({ body: getCustomQueryRuleParams({ rule_id: 'rule-1', @@ -289,7 +289,7 @@ export default ({ getService }: FtrProviderContext) => { }) .expect(200); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .createRule({ body: getCustomQueryRuleParams({ rule_id: 'rule-2', @@ -312,7 +312,7 @@ export default ({ getService }: FtrProviderContext) => { }); it('creates a rule when shared exception type is used ("detection" type)', async () => { - await securitySolutionApi + await detectionsApi .createRule({ body: getCustomQueryRuleParams({ rule_id: 'rule-1', @@ -328,7 +328,7 @@ export default ({ getService }: FtrProviderContext) => { }) .expect(200); - await securitySolutionApi + await detectionsApi .createRule({ body: getCustomQueryRuleParams({ rule_id: 'rule-2', @@ -371,7 +371,7 @@ export default ({ getService }: FtrProviderContext) => { describe('threshold validation', () => { it('returns HTTP 400 error when NO threshold field is provided', async () => { const ruleParams = getThresholdRuleParams(); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .createRule({ // @ts-expect-error we are testing the invalid payload body: omit(ruleParams, 'threshold'), @@ -386,7 +386,7 @@ export default ({ getService }: FtrProviderContext) => { }); it('returns HTTP 400 error when there are more than 3 threshold fields provided', async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .createRule({ body: getThresholdRuleParams({ threshold: { @@ -404,7 +404,7 @@ export default ({ getService }: FtrProviderContext) => { }); it('returns HTTP 400 error when threshold value is less than 1', async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .createRule({ body: getThresholdRuleParams({ threshold: { @@ -423,7 +423,7 @@ export default ({ getService }: FtrProviderContext) => { }); it('returns HTTP 400 error when cardinality is also an agg field', async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .createRule({ body: getThresholdRuleParams({ threshold: { @@ -449,7 +449,7 @@ export default ({ getService }: FtrProviderContext) => { describe('investigation_fields', () => { it('creates a rule with investigation_fields', async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .createRule({ body: getCustomQueryRuleParams({ investigation_fields: { @@ -465,7 +465,7 @@ export default ({ getService }: FtrProviderContext) => { }); it('does NOT create a rule with legacy investigation_fields', async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .createRule({ body: { ...getCustomQueryRuleParams(), @@ -510,7 +510,7 @@ export default ({ getService }: FtrProviderContext) => { it('expects partial failure for a rule with timestamp override and index pattern matching no indices', async () => { const { body: { id }, - } = await securitySolutionApi + } = await detectionsApi .createRule({ body: getCustomQueryRuleParams({ index: ['myfakeindex-1'], @@ -538,7 +538,7 @@ export default ({ getService }: FtrProviderContext) => { it('generates two signals with a "partial failure" status', async () => { const { body: { id }, - } = await securitySolutionApi + } = await detectionsApi .createRule({ body: getCustomQueryRuleParams({ index: ['myfa*'], @@ -571,7 +571,7 @@ export default ({ getService }: FtrProviderContext) => { [undefined, NOTIFICATION_THROTTLE_NO_ACTIONS, NOTIFICATION_THROTTLE_RULE].forEach( (throttle) => { it(`sets each action's frequency attribute to default value when 'throttle' is ${throttle}`, async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .createRule({ body: getCustomQueryRuleParams({ throttle, @@ -589,7 +589,7 @@ export default ({ getService }: FtrProviderContext) => { ['300s', '5m', '3h', '4d'].forEach((throttle) => { it(`transforms correctly 'throttle = ${throttle}' and sets it as a frequency of each action`, async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .createRule({ body: getCustomQueryRuleParams({ // Action throttle cannot be shorter than the schedule interval @@ -623,7 +623,7 @@ export default ({ getService }: FtrProviderContext) => { ].forEach((throttle) => { it(`does NOT change action frequency when 'throttle' is '${throttle}'`, async () => { const actionsWithFrequencies = await getActionsWithFrequencies(supertest); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .createRule({ body: getCustomQueryRuleParams({ throttle, @@ -644,7 +644,7 @@ export default ({ getService }: FtrProviderContext) => { (throttle) => { it(`overrides each action's frequency attribute to default value when 'throttle' is ${throttle}`, async () => { const someActionsWithFrequencies = await getSomeActionsWithFrequencies(supertest); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .createRule({ body: getCustomQueryRuleParams({ throttle, @@ -665,7 +665,7 @@ export default ({ getService }: FtrProviderContext) => { ['430s', '7m', '1h', '8d'].forEach((throttle) => { it(`transforms correctly 'throttle = ${throttle}' and overrides frequency attribute of each action`, async () => { const someActionsWithFrequencies = await getSomeActionsWithFrequencies(supertest); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .createRule({ body: getCustomQueryRuleParams({ // Action throttle cannot be shorter than the schedule interval diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/basic_license_essentials_tier/delete_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/basic_license_essentials_tier/delete_rules.ts index cdce8189f2703..58247d72b73fe 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/basic_license_essentials_tier/delete_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/basic_license_essentials_tier/delete_rules.ts @@ -26,7 +26,7 @@ import { export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const log = getService('log'); const es = getService('es'); const utils = getService('securitySolutionUtils'); @@ -46,7 +46,7 @@ export default ({ getService }: FtrProviderContext): void => { await createRule(supertest, log, getSimpleRule('rule-1')); // delete the rule by its rule_id - const { body } = await securitySolutionApi + const { body } = await detectionsApi .deleteRule({ query: { rule_id: 'rule-1' } }) .expect(200); @@ -60,7 +60,7 @@ export default ({ getService }: FtrProviderContext): void => { const bodyWithCreatedRule = await createRule(supertest, log, getSimpleRuleWithoutRuleId()); // delete that rule by its auto-generated rule_id - const { body } = await securitySolutionApi + const { body } = await detectionsApi .deleteRule({ query: { rule_id: bodyWithCreatedRule.rule_id } }) .expect(200); @@ -77,7 +77,7 @@ export default ({ getService }: FtrProviderContext): void => { const bodyWithCreatedRule = await createRule(supertest, log, getSimpleRule()); // delete that rule by its auto-generated id - const { body } = await securitySolutionApi + const { body } = await detectionsApi .deleteRule({ query: { id: bodyWithCreatedRule.id } }) .expect(200); @@ -91,7 +91,7 @@ export default ({ getService }: FtrProviderContext): void => { }); it('should return an error if the id does not exist when trying to delete it', async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .deleteRule({ query: { id: 'c1e1b359-7ac1-4e96-bc81-c683c092436f' } }) .expect(404); @@ -102,7 +102,7 @@ export default ({ getService }: FtrProviderContext): void => { }); it('should return an error if the rule_id does not exist when trying to delete it', async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .deleteRule({ query: { rule_id: 'fake_id' } }) .expect(404); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/basic_license_essentials_tier/delete_rules_bulk.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/basic_license_essentials_tier/delete_rules_bulk.ts index dd73fa4d848b3..31724a285c8f4 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/basic_license_essentials_tier/delete_rules_bulk.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/basic_license_essentials_tier/delete_rules_bulk.ts @@ -27,7 +27,7 @@ import { export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const log = getService('log'); const es = getService('es'); const utils = getService('securitySolutionUtils'); @@ -47,7 +47,7 @@ export default ({ getService }: FtrProviderContext): void => { await createRule(supertest, log, getSimpleRule()); // delete the rule in bulk - const { body } = await securitySolutionApi + const { body } = await detectionsApi .bulkDeleteRules({ body: [{ rule_id: 'rule-1' }] }) .expect(200); @@ -61,7 +61,7 @@ export default ({ getService }: FtrProviderContext): void => { const bodyWithCreatedRule = await createRule(supertest, log, getSimpleRuleWithoutRuleId()); // delete that rule by its rule_id - const { body } = await securitySolutionApi + const { body } = await detectionsApi .bulkDeleteRules({ body: [{ rule_id: bodyWithCreatedRule.rule_id }] }) .expect(200); @@ -78,7 +78,7 @@ export default ({ getService }: FtrProviderContext): void => { const bodyWithCreatedRule = await createRule(supertest, log, getSimpleRule()); // delete that rule by its id - const { body } = await securitySolutionApi + const { body } = await detectionsApi .bulkDeleteRules({ body: [{ id: bodyWithCreatedRule.id }] }) .expect(200); @@ -92,7 +92,7 @@ export default ({ getService }: FtrProviderContext): void => { }); it('should return an error if the ruled_id does not exist when trying to delete a rule_id', async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .bulkDeleteRules({ body: [{ rule_id: 'fake_id' }] }) .expect(200); @@ -108,7 +108,7 @@ export default ({ getService }: FtrProviderContext): void => { }); it('should return an error if the id does not exist when trying to delete an id', async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .bulkDeleteRules({ body: [{ id: 'c4e80a0d-e20f-4efc-84c1-08112da5a612' }] }) .expect(200); @@ -126,7 +126,7 @@ export default ({ getService }: FtrProviderContext): void => { it('should delete a single rule using an auto generated rule_id but give an error if the second rule does not exist', async () => { const bodyWithCreatedRule = await createRule(supertest, log, getSimpleRuleWithoutRuleId()); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .bulkDeleteRules({ body: [{ id: bodyWithCreatedRule.id }, { id: 'c4e80a0d-e20f-4efc-84c1-08112da5a612' }], }) diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/delete_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/delete_rules.ts index f286f4c08dd00..9bf520bb98033 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/delete_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/delete_rules.ts @@ -26,7 +26,7 @@ import { FtrProviderContext } from '../../../../../ftr_provider_context'; export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const log = getService('log'); const es = getService('es'); const utils = getService('securitySolutionUtils'); @@ -46,7 +46,7 @@ export default ({ getService }: FtrProviderContext): void => { await createRule(supertest, log, getSimpleRule('rule-1')); // delete the rule by its rule_id - const { body } = await securitySolutionApi + const { body } = await detectionsApi .deleteRule({ query: { rule_id: 'rule-1' } }) .expect(200); @@ -60,7 +60,7 @@ export default ({ getService }: FtrProviderContext): void => { const bodyWithCreatedRule = await createRule(supertest, log, getSimpleRuleWithoutRuleId()); // delete that rule by its auto-generated rule_id - const { body } = await securitySolutionApi + const { body } = await detectionsApi .deleteRule({ query: { rule_id: bodyWithCreatedRule.rule_id } }) .expect(200); @@ -77,7 +77,7 @@ export default ({ getService }: FtrProviderContext): void => { const bodyWithCreatedRule = await createRule(supertest, log, getSimpleRule()); // delete that rule by its auto-generated id - const { body } = await securitySolutionApi + const { body } = await detectionsApi .deleteRule({ query: { id: bodyWithCreatedRule.id } }) .expect(200); @@ -91,7 +91,7 @@ export default ({ getService }: FtrProviderContext): void => { }); it('should return an error if the id does not exist when trying to delete it', async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .deleteRule({ query: { id: 'c1e1b359-7ac1-4e96-bc81-c683c092436f' } }) .expect(404); @@ -102,7 +102,7 @@ export default ({ getService }: FtrProviderContext): void => { }); it('should return an error if the rule_id does not exist when trying to delete it', async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .deleteRule({ query: { rule_id: 'fake_id' } }) .expect(404); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/delete_rules_bulk.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/delete_rules_bulk.ts index 1593dca5a3787..77bbb90f30f34 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/delete_rules_bulk.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/delete_rules_bulk.ts @@ -32,7 +32,7 @@ import { FtrProviderContext } from '../../../../../ftr_provider_context'; export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const log = getService('log'); const es = getService('es'); const utils = getService('securitySolutionUtils'); @@ -43,7 +43,7 @@ export default ({ getService }: FtrProviderContext): void => { it('should return a warning header', async () => { await createRule(supertest, log, getSimpleRule()); - const { header } = await securitySolutionApi + const { header } = await detectionsApi .bulkDeleteRules({ body: [{ rule_id: 'rule-1' }] }) .expect(200); @@ -69,7 +69,7 @@ export default ({ getService }: FtrProviderContext): void => { await createRule(supertest, log, getSimpleRule()); // delete the rule in bulk - const { body } = await securitySolutionApi + const { body } = await detectionsApi .bulkDeleteRules({ body: [{ rule_id: 'rule-1' }] }) .expect(200); @@ -83,7 +83,7 @@ export default ({ getService }: FtrProviderContext): void => { const bodyWithCreatedRule = await createRule(supertest, log, getSimpleRuleWithoutRuleId()); // delete that rule by its rule_id - const { body } = await securitySolutionApi + const { body } = await detectionsApi .bulkDeleteRules({ body: [{ rule_id: bodyWithCreatedRule.rule_id }] }) .expect(200); @@ -100,7 +100,7 @@ export default ({ getService }: FtrProviderContext): void => { const bodyWithCreatedRule = await createRule(supertest, log, getSimpleRule()); // delete that rule by its id - const { body } = await securitySolutionApi + const { body } = await detectionsApi .bulkDeleteRules({ body: [{ id: bodyWithCreatedRule.id }] }) .expect(200); @@ -114,7 +114,7 @@ export default ({ getService }: FtrProviderContext): void => { }); it('should return an error if the ruled_id does not exist when trying to delete a rule_id', async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .bulkDeleteRules({ body: [{ rule_id: 'fake_id' }] }) .expect(200); @@ -130,7 +130,7 @@ export default ({ getService }: FtrProviderContext): void => { }); it('should return an error if the id does not exist when trying to delete an id', async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .bulkDeleteRules({ body: [{ id: 'c4e80a0d-e20f-4efc-84c1-08112da5a612' }] }) .expect(200); @@ -148,7 +148,7 @@ export default ({ getService }: FtrProviderContext): void => { it('should delete a single rule using an auto generated rule_id but give an error if the second rule does not exist', async () => { const bodyWithCreatedRule = await createRule(supertest, log, getSimpleRuleWithoutRuleId()); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .bulkDeleteRules({ body: [{ id: bodyWithCreatedRule.id }, { id: 'c4e80a0d-e20f-4efc-84c1-08112da5a612' }], }) @@ -336,7 +336,7 @@ export default ({ getService }: FtrProviderContext): void => { it('DELETE - should delete a single rule with investigation field', async () => { // delete the rule in bulk - const { body } = await securitySolutionApi + const { body } = await detectionsApi .bulkDeleteRules({ body: [ { rule_id: 'rule-with-investigation-field' }, diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/delete_rules_ess.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/delete_rules_ess.ts index c2a08ac3b00c7..6d04cd8d5c732 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/delete_rules_ess.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_delete/trial_license_complete_tier/delete_rules_ess.ts @@ -26,7 +26,7 @@ import { FtrProviderContext } from '../../../../../ftr_provider_context'; export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const log = getService('log'); const es = getService('es'); @@ -60,7 +60,7 @@ export default ({ getService }: FtrProviderContext): void => { }); it('deletes rule with investigation fields as array', async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .deleteRule({ query: { rule_id: ruleWithLegacyInvestigationField.params.ruleId } }) .expect(200); @@ -71,7 +71,7 @@ export default ({ getService }: FtrProviderContext): void => { }); it('deletes rule with investigation fields as empty array', async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .deleteRule({ query: { rule_id: ruleWithLegacyInvestigationFieldEmptyArray.params.ruleId }, }) @@ -82,7 +82,7 @@ export default ({ getService }: FtrProviderContext): void => { }); it('deletes rule with investigation fields as intended object type', async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .deleteRule({ query: { rule_id: 'rule-with-investigation-field' } }) .expect(200); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/basic_license_essentials_tier/export_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/basic_license_essentials_tier/export_rules.ts index 5b8cc2cb3f384..a9fd72644f194 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/basic_license_essentials_tier/export_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/basic_license_essentials_tier/export_rules.ts @@ -15,7 +15,7 @@ import { deleteAllRules } from '../../../../../../common/utils/security_solution export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); const log = getService('log'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); describe('@ess @serverless @serverlessQA export_rules', () => { describe('exporting rules', () => { @@ -26,9 +26,9 @@ export default ({ getService }: FtrProviderContext): void => { it('should set the response content types to be expected', async () => { const ruleToExport = getCustomQueryRuleParams(); - await securitySolutionApi.createRule({ body: ruleToExport }); + await detectionsApi.createRule({ body: ruleToExport }); - await securitySolutionApi + await detectionsApi .exportRules({ query: {}, body: null }) .expect(200) .expect('Content-Type', 'application/ndjson') @@ -38,9 +38,9 @@ export default ({ getService }: FtrProviderContext): void => { it('should export a single rule with a rule_id', async () => { const ruleToExport = getCustomQueryRuleParams(); - await securitySolutionApi.createRule({ body: ruleToExport }); + await detectionsApi.createRule({ body: ruleToExport }); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .exportRules({ query: {}, body: null }) .expect(200) .parse(binaryToString); @@ -52,15 +52,15 @@ export default ({ getService }: FtrProviderContext): void => { it('exports a set of custom rules via the _export API', async () => { await Promise.all([ - securitySolutionApi + detectionsApi .createRule({ body: getCustomQueryRuleParams({ rule_id: 'rule-id-1' }) }) .expect(200), - securitySolutionApi + detectionsApi .createRule({ body: getCustomQueryRuleParams({ rule_id: 'rule-id-2' }) }) .expect(200), ]); - const { body: exportResult } = await securitySolutionApi + const { body: exportResult } = await detectionsApi .exportRules({ query: {}, body: null }) .expect(200) .parse(binaryToString); @@ -109,9 +109,9 @@ export default ({ getService }: FtrProviderContext): void => { ], }; - await securitySolutionApi.createRule({ body: ruleToExport }); + await detectionsApi.createRule({ body: ruleToExport }); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .exportRules({ query: {}, body: null }) .expect(200) .parse(binaryToString); @@ -124,9 +124,9 @@ export default ({ getService }: FtrProviderContext): void => { it('should have export summary reflecting a number of rules', async () => { const ruleToExport = getCustomQueryRuleParams(); - await securitySolutionApi.createRule({ body: ruleToExport }); + await detectionsApi.createRule({ body: ruleToExport }); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .exportRules({ query: {}, body: null }) .expect(200) .parse(binaryToString); @@ -145,10 +145,10 @@ export default ({ getService }: FtrProviderContext): void => { const ruleToExport1 = getCustomQueryRuleParams({ rule_id: 'rule-1' }); const ruleToExport2 = getCustomQueryRuleParams({ rule_id: 'rule-2' }); - await securitySolutionApi.createRule({ body: ruleToExport1 }); - await securitySolutionApi.createRule({ body: ruleToExport2 }); + await detectionsApi.createRule({ body: ruleToExport1 }); + await detectionsApi.createRule({ body: ruleToExport2 }); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .exportRules({ query: {}, body: null }) .expect(200) .parse(binaryToString); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/basic_license_essentials_tier/import_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/basic_license_essentials_tier/import_rules.ts index 2666f9d681598..ee8e6e5ac9f1b 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/basic_license_essentials_tier/import_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/basic_license_essentials_tier/import_rules.ts @@ -14,7 +14,7 @@ import { deleteAllRules } from '../../../../../../common/utils/security_solution export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const log = getService('log'); describe('@ess @serverless @serverlessQA import_rules', () => { @@ -26,7 +26,7 @@ export default ({ getService }: FtrProviderContext): void => { it('should set the response content types to be expected', async () => { const ndjson = combineToNdJson(getCustomQueryRuleParams()); - await securitySolutionApi + await detectionsApi .importRules({ query: {} }) .attach('file', Buffer.from(ndjson), 'rules.ndjson') .expect('Content-Type', 'application/json; charset=utf-8') @@ -34,7 +34,7 @@ export default ({ getService }: FtrProviderContext): void => { }); it('should reject with an error if the file type is not that of a ndjson', async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .importRules({ query: {} }) .attach('file', Buffer.from(''), 'rules.txt') .expect(400); @@ -48,7 +48,7 @@ export default ({ getService }: FtrProviderContext): void => { it('should report that it imported a simple rule successfully', async () => { const ndjson = combineToNdJson(getCustomQueryRuleParams()); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .importRules({ query: {} }) .attach('file', Buffer.from(ndjson), 'rules.ndjson') .expect(200); @@ -65,12 +65,12 @@ export default ({ getService }: FtrProviderContext): void => { const ruleToImport = getCustomQueryRuleParams({ rule_id: 'rule-to-import' }); const ndjson = combineToNdJson(ruleToImport); - await securitySolutionApi + await detectionsApi .importRules({ query: {} }) .attach('file', Buffer.from(ndjson), 'rules.ndjson') .expect(200); - const { body: importedRule } = await securitySolutionApi + const { body: importedRule } = await detectionsApi .readRule({ query: { rule_id: 'rule-to-import' }, }) @@ -87,7 +87,7 @@ export default ({ getService }: FtrProviderContext): void => { }) ); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .importRules({ query: {} }) .attach('file', Buffer.from(ndjson), 'rules.ndjson') .expect(200); @@ -107,7 +107,7 @@ export default ({ getService }: FtrProviderContext): void => { }) ); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .importRules({ query: {} }) .attach('file', Buffer.from(ndjson), 'rules.ndjson') .expect(200); @@ -146,12 +146,12 @@ export default ({ getService }: FtrProviderContext): void => { const ndjson = combineToNdJson(ruleToImport); - await securitySolutionApi + await detectionsApi .importRules({ query: {} }) .attach('file', Buffer.from(ndjson), 'rules.ndjson') .expect(200); - const { body: importedRule } = await securitySolutionApi + const { body: importedRule } = await detectionsApi .readRule({ query: { rule_id: 'rule-1' }, }) @@ -170,7 +170,7 @@ export default ({ getService }: FtrProviderContext): void => { }) ); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .importRules({ query: {} }) .attach('file', Buffer.from(ndjson), 'rules.ndjson') .expect(200); @@ -195,7 +195,7 @@ export default ({ getService }: FtrProviderContext): void => { }) ) ); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .importRules({ query: {} }) .attach('file', Buffer.from(ndjson), 'rules.ndjson') .expect(200); @@ -234,7 +234,7 @@ export default ({ getService }: FtrProviderContext): void => { ) ); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .importRules({ query: {} }) .attach('file', Buffer.from(ndjson), 'rules.ndjson') .expect(500); @@ -255,7 +255,7 @@ export default ({ getService }: FtrProviderContext): void => { }) ); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .importRules({ query: {} }) .attach('file', Buffer.from(ndjson), 'rules.ndjson') .expect(200); @@ -286,7 +286,7 @@ export default ({ getService }: FtrProviderContext): void => { }) ); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .importRules({ query: { overwrite: true } }) .attach('file', Buffer.from(ndjson), 'rules.ndjson') .expect(200); @@ -304,11 +304,11 @@ export default ({ getService }: FtrProviderContext): void => { rule_id: 'rule-1', }); - await securitySolutionApi.createRule({ body: ruleToImport }); + await detectionsApi.createRule({ body: ruleToImport }); const ndjson = combineToNdJson(ruleToImport); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .importRules({ query: {} }) .attach('file', Buffer.from(ndjson), 'rules.ndjson') .expect(200); @@ -334,11 +334,11 @@ export default ({ getService }: FtrProviderContext): void => { rule_id: 'rule-1', }); - await securitySolutionApi.createRule({ body: ruleToImport }); + await detectionsApi.createRule({ body: ruleToImport }); const ndjson = combineToNdJson(ruleToImport); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .importRules({ query: { overwrite: true } }) .attach('file', Buffer.from(ndjson), 'rules.ndjson') .expect(200); @@ -356,7 +356,7 @@ export default ({ getService }: FtrProviderContext): void => { rule_id: 'rule-to-overwrite', }); - await securitySolutionApi.createRule({ body: ruleToImport }); + await detectionsApi.createRule({ body: ruleToImport }); const ndjson = combineToNdJson( getCustomQueryRuleParams({ @@ -365,12 +365,12 @@ export default ({ getService }: FtrProviderContext): void => { }) ); - await securitySolutionApi + await detectionsApi .importRules({ query: { overwrite: true } }) .attach('file', Buffer.from(ndjson), 'rules.ndjson') .expect(200); - const { body: importedRule } = await securitySolutionApi + const { body: importedRule } = await detectionsApi .readRule({ query: { rule_id: 'rule-to-overwrite' }, }) @@ -386,9 +386,9 @@ export default ({ getService }: FtrProviderContext): void => { rule_id: 'rule-to-overwrite', }); - await securitySolutionApi.createRule({ body: ruleToImport }); + await detectionsApi.createRule({ body: ruleToImport }); - const { body: ruleBeforeOverwriting } = await securitySolutionApi + const { body: ruleBeforeOverwriting } = await detectionsApi .readRule({ query: { rule_id: 'rule-to-overwrite' }, }) @@ -401,12 +401,12 @@ export default ({ getService }: FtrProviderContext): void => { }) ); - await securitySolutionApi + await detectionsApi .importRules({ query: { overwrite: true } }) .attach('file', Buffer.from(ndjson), 'rules.ndjson') .expect(200); - const { body: ruleAfterOverwriting } = await securitySolutionApi + const { body: ruleAfterOverwriting } = await detectionsApi .readRule({ query: { rule_id: 'rule-to-overwrite' }, }) @@ -425,7 +425,7 @@ export default ({ getService }: FtrProviderContext): void => { rule_id: 'existing-rule', }); - await securitySolutionApi.createRule({ body: ruleToImport }); + await detectionsApi.createRule({ body: ruleToImport }); const ndjson = combineToNdJson( getCustomQueryRuleParams({ @@ -439,7 +439,7 @@ export default ({ getService }: FtrProviderContext): void => { }) ); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .importRules({ query: {} }) .attach('file', Buffer.from(ndjson), 'rules.ndjson') .expect(200); @@ -461,12 +461,12 @@ export default ({ getService }: FtrProviderContext): void => { }); it('should report a mix of conflicts and a mix of successes', async () => { - await securitySolutionApi.createRule({ + await detectionsApi.createRule({ body: getCustomQueryRuleParams({ rule_id: 'existing-rule-1', }), }); - await securitySolutionApi.createRule({ + await detectionsApi.createRule({ body: getCustomQueryRuleParams({ rule_id: 'existing-rule-2', }), @@ -484,7 +484,7 @@ export default ({ getService }: FtrProviderContext): void => { }) ); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .importRules({ query: {} }) .attach('file', Buffer.from(ndjson), 'rules.ndjson') .expect(200); @@ -523,29 +523,29 @@ export default ({ getService }: FtrProviderContext): void => { rule_id: 'non-existing-rule', }); - await securitySolutionApi.createRule({ body: existingRule1 }); - await securitySolutionApi.createRule({ body: existingRule2 }); + await detectionsApi.createRule({ body: existingRule1 }); + await detectionsApi.createRule({ body: existingRule2 }); const ndjson = combineToNdJson(existingRule1, existingRule2, ruleToImportSuccessfully); - await securitySolutionApi + await detectionsApi .importRules({ query: {} }) .attach('file', Buffer.from(ndjson), 'rules.ndjson') .expect(200); - const { body: rule1 } = await securitySolutionApi + const { body: rule1 } = await detectionsApi .readRule({ query: { rule_id: 'existing-rule-1' }, }) .expect(200); - const { body: rule2 } = await securitySolutionApi + const { body: rule2 } = await detectionsApi .readRule({ query: { rule_id: 'existing-rule-2' }, }) .expect(200); - const { body: rule3 } = await securitySolutionApi + const { body: rule3 } = await detectionsApi .readRule({ query: { rule_id: 'non-existing-rule' }, }) diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/trial_license_complete_tier/import_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/trial_license_complete_tier/import_rules.ts index 29eecc6562e90..18685a1bee868 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/trial_license_complete_tier/import_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/trial_license_complete_tier/import_rules.ts @@ -39,8 +39,8 @@ const RULE_TO_IMPORT_RULE_ID_2 = 'another-imported-rule'; export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); - const securitySolutionApi = getService('securitySolutionApi'); - const securitySolutionExceptionsApi = getService('securitySolutionExceptionsApi'); + const detectionsApi = getService('detectionsApi'); + const exceptionsApi = getService('exceptionsApi'); const log = getService('log'); const spacesServices = getService('spaces'); @@ -187,7 +187,7 @@ export default ({ getService }: FtrProviderContext): void => { spaceId: kibanaSpaceId, }); - const { body: importedRule } = await securitySolutionApi.readRule( + const { body: importedRule } = await detectionsApi.readRule( { query: { rule_id: RULE_TO_IMPORT_RULE_ID }, }, @@ -224,7 +224,7 @@ export default ({ getService }: FtrProviderContext): void => { spaceId: kibanaSpaceId, }); - const { body: importedRule } = await securitySolutionApi.readRule( + const { body: importedRule } = await detectionsApi.readRule( { query: { rule_id: RULE_TO_IMPORT_RULE_ID }, }, @@ -261,7 +261,7 @@ export default ({ getService }: FtrProviderContext): void => { spaceId: kibanaSpaceId, }); - const { body: importedRule1 } = await securitySolutionApi.readRule( + const { body: importedRule1 } = await detectionsApi.readRule( { query: { rule_id: RULE_TO_IMPORT_RULE_ID }, }, @@ -270,7 +270,7 @@ export default ({ getService }: FtrProviderContext): void => { expect(importedRule1).toMatchObject(IMPORT_PAYLOAD[0]); - const { body: importedRule2 } = await securitySolutionApi.readRule( + const { body: importedRule2 } = await detectionsApi.readRule( { query: { rule_id: RULE_TO_IMPORT_RULE_ID_2 }, }, @@ -310,7 +310,7 @@ export default ({ getService }: FtrProviderContext): void => { spaceId: kibanaSpaceId, }); - const { body: importedRule } = await securitySolutionApi.readRule( + const { body: importedRule } = await detectionsApi.readRule( { query: { rule_id: RULE_TO_IMPORT_RULE_ID }, }, @@ -414,7 +414,7 @@ export default ({ getService }: FtrProviderContext): void => { query: ReadExceptionListRequestQueryInput; expected: Record; }) => { - const { body: exceptionList } = await securitySolutionExceptionsApi + const { body: exceptionList } = await exceptionsApi .readExceptionList( { query, @@ -432,7 +432,7 @@ export default ({ getService }: FtrProviderContext): void => { query: ReadExceptionListItemRequestQueryInput; expected: Record; }) => { - const { body: exceptionListItem } = await securitySolutionExceptionsApi + const { body: exceptionListItem } = await exceptionsApi .readExceptionListItem( { query, @@ -488,7 +488,7 @@ export default ({ getService }: FtrProviderContext): void => { exceptions_success_count: 1, }); - const { body: importedRule } = await securitySolutionApi.readRule( + const { body: importedRule } = await detectionsApi.readRule( { query: { rule_id: RULE_TO_IMPORT_RULE_ID }, }, @@ -564,7 +564,7 @@ export default ({ getService }: FtrProviderContext): void => { exceptions_success_count: 1, }); - const { body: importedRule } = await securitySolutionApi.readRule( + const { body: importedRule } = await detectionsApi.readRule( { query: { rule_id: RULE_TO_IMPORT_RULE_ID }, }, @@ -674,7 +674,7 @@ export default ({ getService }: FtrProviderContext): void => { exceptions_success_count: 1, }); - const { body: importedRule } = await securitySolutionApi.readRule( + const { body: importedRule } = await detectionsApi.readRule( { query: { rule_id: RULE_TO_IMPORT_RULE_ID }, }, @@ -772,7 +772,7 @@ export default ({ getService }: FtrProviderContext): void => { }); it('removes non-existent exception list from the imported rule', async () => { - const { body: exceptionBody } = await securitySolutionExceptionsApi + const { body: exceptionBody } = await exceptionsApi .createExceptionList( { body: { @@ -831,7 +831,7 @@ export default ({ getService }: FtrProviderContext): void => { exceptions_success_count: 0, }); - const { body: importedRule } = await securitySolutionApi.readRule( + const { body: importedRule } = await detectionsApi.readRule( { query: { rule_id: RULE_TO_IMPORT_RULE_ID }, }, @@ -1527,7 +1527,7 @@ export default ({ getService }: FtrProviderContext): void => { overwrite: false, }); - const { body: importedRule } = await securitySolutionApi.readRule({ + const { body: importedRule } = await detectionsApi.readRule({ query: { rule_id: RULE_TO_IMPORT_RULE_ID }, }); @@ -1564,7 +1564,7 @@ export default ({ getService }: FtrProviderContext): void => { spaceId, }); - const { body: importedRule } = await securitySolutionApi.readRule( + const { body: importedRule } = await detectionsApi.readRule( { query: { rule_id: RULE_TO_IMPORT_RULE_ID }, }, diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/basic_license_essentials_tier/patch_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/basic_license_essentials_tier/patch_rules.ts index 6c6043a86194b..1a95e709b34cb 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/basic_license_essentials_tier/patch_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/basic_license_essentials_tier/patch_rules.ts @@ -21,7 +21,7 @@ import { export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const log = getService('log'); const utils = getService('securitySolutionUtils'); @@ -35,7 +35,7 @@ export default ({ getService }: FtrProviderContext) => { await createRule(supertest, log, getSimpleRule('rule-1')); // patch a simple rule's name - const { body } = await securitySolutionApi + const { body } = await detectionsApi .patchRule({ body: { rule_id: 'rule-1', name: 'some other name' } }) .expect(200); @@ -65,11 +65,11 @@ export default ({ getService }: FtrProviderContext) => { required_fields: [{ name: '@timestamp', type: 'date', ecs: true }], }; - await securitySolutionApi.createRule({ + await detectionsApi.createRule({ body: getCustomQueryRuleParams({ rule_id: 'rule-1' }), }); - const { body: patchedRuleResponse } = await securitySolutionApi + const { body: patchedRuleResponse } = await detectionsApi .patchRule({ body: { ...rulePatchProperties, @@ -79,7 +79,7 @@ export default ({ getService }: FtrProviderContext) => { expect(patchedRuleResponse).toMatchObject(expectedRule); - const { body: patchedRule } = await securitySolutionApi + const { body: patchedRule } = await detectionsApi .readRule({ query: { rule_id: 'rule-1' }, }) @@ -95,7 +95,7 @@ export default ({ getService }: FtrProviderContext) => { await createRule(supertest, log, getSimpleRule('rule-1')); // patch a simple rule's type to machine learning - const { body } = await securitySolutionApi + const { body } = await detectionsApi .patchRule({ body: { rule_id: 'rule-1', type: 'machine_learning' } }) .expect(403); @@ -113,7 +113,7 @@ export default ({ getService }: FtrProviderContext) => { const createRuleBody = await createRule(supertest, log, rule); // patch a simple rule's name - const { body } = await securitySolutionApi + const { body } = await detectionsApi .patchRule({ body: { rule_id: createRuleBody.rule_id, name: 'some other name' } }) .expect(200); @@ -130,7 +130,7 @@ export default ({ getService }: FtrProviderContext) => { const createdBody = await createRule(supertest, log, getSimpleRule('rule-1')); // patch a simple rule's name - const { body } = await securitySolutionApi + const { body } = await detectionsApi .patchRule({ body: { id: createdBody.id, name: 'some other name' } }) .expect(200); @@ -147,7 +147,7 @@ export default ({ getService }: FtrProviderContext) => { await createRule(supertest, log, getSimpleRule('rule-1')); // patch a simple rule's enabled to false - const { body } = await securitySolutionApi + const { body } = await detectionsApi .patchRule({ body: { rule_id: 'rule-1', enabled: false } }) .expect(200); @@ -163,7 +163,7 @@ export default ({ getService }: FtrProviderContext) => { await createRule(supertest, log, getSimpleRule('rule-1')); // patch a simple rule's enabled to false and another property - const { body } = await securitySolutionApi + const { body } = await detectionsApi .patchRule({ body: { rule_id: 'rule-1', severity: 'low', enabled: false } }) .expect(200); @@ -181,14 +181,14 @@ export default ({ getService }: FtrProviderContext) => { await createRule(supertest, log, getSimpleRule('rule-1')); // patch a simple rule's timeline_title - await securitySolutionApi + await detectionsApi .patchRule({ body: { rule_id: 'rule-1', timeline_title: 'some title', timeline_id: 'some id' }, }) .expect(200); // patch a simple rule's name - const { body } = await securitySolutionApi + const { body } = await detectionsApi .patchRule({ body: { rule_id: 'rule-1', name: 'some other name' } }) .expect(200); @@ -204,7 +204,7 @@ export default ({ getService }: FtrProviderContext) => { }); it('should give a 404 if it is given a fake id', async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .patchRule({ body: { id: '5096dec6-b6b9-4d8d-8f93-6c2602079d9d', name: 'some other name' }, }) @@ -217,7 +217,7 @@ export default ({ getService }: FtrProviderContext) => { }); it('should give a 404 if it is given a fake rule_id', async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .patchRule({ body: { rule_id: 'fake_id', name: 'some other name' } }) .expect(404); @@ -229,11 +229,11 @@ export default ({ getService }: FtrProviderContext) => { describe('max signals', () => { it('does NOT patch a rule when max_signals is less than 1', async () => { - await securitySolutionApi.createRule({ + await detectionsApi.createRule({ body: getCustomQueryRuleParams({ rule_id: 'rule-1', max_signals: 100 }), }); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .patchRule({ body: { rule_id: 'rule-1', @@ -249,7 +249,7 @@ export default ({ getService }: FtrProviderContext) => { }); it('should not change required_fields when not present in patch body', async () => { - await securitySolutionApi.createRule({ + await detectionsApi.createRule({ body: getCustomQueryRuleParams({ rule_id: 'rule-1', required_fields: [ @@ -262,7 +262,7 @@ export default ({ getService }: FtrProviderContext) => { }); // patch a simple rule's name - const { body: patchedRule } = await securitySolutionApi + const { body: patchedRule } = await detectionsApi .patchRule({ body: { rule_id: 'rule-1', name: 'some other name' } }) .expect(200); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/basic_license_essentials_tier/patch_rules_bulk.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/basic_license_essentials_tier/patch_rules_bulk.ts index 7929b912768ff..017de4d580a12 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/basic_license_essentials_tier/patch_rules_bulk.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/basic_license_essentials_tier/patch_rules_bulk.ts @@ -29,7 +29,7 @@ import { export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const log = getService('log'); const es = getService('es'); const utils = getService('securitySolutionUtils'); @@ -49,7 +49,7 @@ export default ({ getService }: FtrProviderContext) => { await createRule(supertest, log, getSimpleRule('rule-1')); // patch a simple rule's name - const { body } = await securitySolutionApi + const { body } = await detectionsApi .bulkPatchRules({ body: [{ rule_id: 'rule-1', name: 'some other name' }] }) .expect(200); @@ -78,11 +78,11 @@ export default ({ getService }: FtrProviderContext) => { required_fields: [{ name: '@timestamp', type: 'date', ecs: true }], }; - await securitySolutionApi.createRule({ + await detectionsApi.createRule({ body: getCustomQueryRuleParams({ rule_id: 'rule-1' }), }); - const { body: patchedRulesBulkResponse } = await securitySolutionApi + const { body: patchedRulesBulkResponse } = await detectionsApi .bulkPatchRules({ body: [ { @@ -94,7 +94,7 @@ export default ({ getService }: FtrProviderContext) => { expect(patchedRulesBulkResponse[0]).toMatchObject(expectedRule); - const { body: patchedRule } = await securitySolutionApi + const { body: patchedRule } = await detectionsApi .readRule({ query: { rule_id: 'rule-1' }, }) @@ -109,7 +109,7 @@ export default ({ getService }: FtrProviderContext) => { const username = await utils.getUsername(); // patch both rule names - const { body } = await securitySolutionApi + const { body } = await detectionsApi .bulkPatchRules({ body: [ { rule_id: 'rule-1', name: 'some other name' }, @@ -138,7 +138,7 @@ export default ({ getService }: FtrProviderContext) => { const createRuleBody = await createRule(supertest, log, getSimpleRule('rule-1')); // patch a simple rule's name - const { body } = await securitySolutionApi + const { body } = await detectionsApi .bulkPatchRules({ body: [{ id: createRuleBody.id, name: 'some other name' }] }) .expect(200); @@ -156,7 +156,7 @@ export default ({ getService }: FtrProviderContext) => { const username = await utils.getUsername(); // patch both rule names - const { body } = await securitySolutionApi + const { body } = await detectionsApi .bulkPatchRules({ body: [ { id: createRule1.id, name: 'some other name' }, @@ -185,7 +185,7 @@ export default ({ getService }: FtrProviderContext) => { const createdBody = await createRule(supertest, log, getSimpleRule('rule-1')); // patch a simple rule's name - const { body } = await securitySolutionApi + const { body } = await detectionsApi .bulkPatchRules({ body: [{ id: createdBody.id, name: 'some other name' }] }) .expect(200); @@ -202,7 +202,7 @@ export default ({ getService }: FtrProviderContext) => { await createRule(supertest, log, getSimpleRule('rule-1')); // patch a simple rule's enabled to false - const { body } = await securitySolutionApi + const { body } = await detectionsApi .bulkPatchRules({ body: [{ rule_id: 'rule-1', enabled: false }] }) .expect(200); @@ -218,7 +218,7 @@ export default ({ getService }: FtrProviderContext) => { await createRule(supertest, log, getSimpleRule('rule-1')); // patch a simple rule's enabled to false and another property - const { body } = await securitySolutionApi + const { body } = await detectionsApi .bulkPatchRules({ body: [{ rule_id: 'rule-1', severity: 'low', enabled: false }] }) .expect(200); @@ -236,14 +236,14 @@ export default ({ getService }: FtrProviderContext) => { await createRule(supertest, log, getSimpleRule('rule-1')); // patch a simple rule's timeline_title - await securitySolutionApi + await detectionsApi .bulkPatchRules({ body: [{ rule_id: 'rule-1', timeline_title: 'some title', timeline_id: 'some id' }], }) .expect(200); // patch a simple rule's name - const { body } = await securitySolutionApi + const { body } = await detectionsApi .bulkPatchRules({ body: [{ rule_id: 'rule-1', name: 'some other name' }] }) .expect(200); @@ -259,7 +259,7 @@ export default ({ getService }: FtrProviderContext) => { }); it('should return a 200 but give a 404 in the message if it is given a fake id', async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .bulkPatchRules({ body: [{ id: '5096dec6-b6b9-4d8d-8f93-6c2602079d9d', name: 'some other name' }], }) @@ -277,7 +277,7 @@ export default ({ getService }: FtrProviderContext) => { }); it('should return a 200 but give a 404 in the message if it is given a fake rule_id', async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .bulkPatchRules({ body: [{ rule_id: 'fake_id', name: 'some other name' }] }) .expect(200); @@ -293,7 +293,7 @@ export default ({ getService }: FtrProviderContext) => { await createRule(supertest, log, getSimpleRule('rule-1')); // patch one rule name and give a fake id for the second - const { body } = await securitySolutionApi + const { body } = await detectionsApi .bulkPatchRules({ body: [ { rule_id: 'rule-1', name: 'some other name' }, @@ -324,7 +324,7 @@ export default ({ getService }: FtrProviderContext) => { const createdBody = await createRule(supertest, log, getSimpleRule('rule-1')); // patch one rule name and give a fake id for the second - const { body } = await securitySolutionApi + const { body } = await detectionsApi .bulkPatchRules({ body: [ { id: createdBody.id, name: 'some other name' }, @@ -359,7 +359,7 @@ export default ({ getService }: FtrProviderContext) => { ]); await installPrebuiltRules(es, supertest); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .bulkPatchRules({ body: [ { rule_id: 'rule-1', author: ['new user'] }, diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/trial_license_complete_tier/patch_rules_bulk.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/trial_license_complete_tier/patch_rules_bulk.ts index be53035d07e26..4c2583f556eff 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/trial_license_complete_tier/patch_rules_bulk.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/trial_license_complete_tier/patch_rules_bulk.ts @@ -36,7 +36,7 @@ import { FtrProviderContext } from '../../../../../ftr_provider_context'; export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const log = getService('log'); const es = getService('es'); const utils = getService('securitySolutionUtils'); @@ -51,7 +51,7 @@ export default ({ getService }: FtrProviderContext) => { it('should return a warning header', async () => { await createRule(supertest, log, getSimpleRule('rule-1')); - const { header } = await securitySolutionApi + const { header } = await detectionsApi .bulkPatchRules({ body: [{ rule_id: 'rule-1', name: 'some other name' }] }) .expect(200); @@ -77,7 +77,7 @@ export default ({ getService }: FtrProviderContext) => { await createRule(supertest, log, getSimpleRule('rule-1')); // patch a simple rule's name - const { body } = await securitySolutionApi + const { body } = await detectionsApi .bulkPatchRules({ body: [{ rule_id: 'rule-1', name: 'some other name' }] }) .expect(200); @@ -95,7 +95,7 @@ export default ({ getService }: FtrProviderContext) => { const username = await utils.getUsername(); // patch both rule names - const { body } = await securitySolutionApi + const { body } = await detectionsApi .bulkPatchRules({ body: [ { rule_id: 'rule-1', name: 'some other name' }, @@ -124,7 +124,7 @@ export default ({ getService }: FtrProviderContext) => { const createRuleBody = await createRule(supertest, log, getSimpleRule('rule-1')); // patch a simple rule's name - const { body } = await securitySolutionApi + const { body } = await detectionsApi .bulkPatchRules({ body: [{ id: createRuleBody.id, name: 'some other name' }] }) .expect(200); @@ -141,7 +141,7 @@ export default ({ getService }: FtrProviderContext) => { const username = await utils.getUsername(); // patch both rule names - const { body } = await securitySolutionApi + const { body } = await detectionsApi .bulkPatchRules({ body: [ { id: createRule1.id, name: 'some other name' }, @@ -193,7 +193,7 @@ export default ({ getService }: FtrProviderContext) => { ).to.eql([rule1.id, rule2.id].sort()); // patch a simple rule's name - const { body } = await securitySolutionApi + const { body } = await detectionsApi .bulkPatchRules({ body: [ { id: rule1.id, enabled: false }, @@ -234,7 +234,7 @@ export default ({ getService }: FtrProviderContext) => { const createdBody = await createRule(supertest, log, getSimpleRule('rule-1')); // patch a simple rule's name - const { body } = await securitySolutionApi + const { body } = await detectionsApi .bulkPatchRules({ body: [{ id: createdBody.id, name: 'some other name' }] }) .expect(200); @@ -249,7 +249,7 @@ export default ({ getService }: FtrProviderContext) => { await createRule(supertest, log, getSimpleRule('rule-1')); // patch a simple rule's enabled to false - const { body } = await securitySolutionApi + const { body } = await detectionsApi .bulkPatchRules({ body: [{ rule_id: 'rule-1', enabled: false }] }) .expect(200); @@ -265,7 +265,7 @@ export default ({ getService }: FtrProviderContext) => { await createRule(supertest, log, getSimpleRule('rule-1')); // patch a simple rule's enabled to false and another property - const { body } = await securitySolutionApi + const { body } = await detectionsApi .bulkPatchRules({ body: [{ rule_id: 'rule-1', severity: 'low', enabled: false }] }) .expect(200); @@ -283,14 +283,14 @@ export default ({ getService }: FtrProviderContext) => { await createRule(supertest, log, getSimpleRule('rule-1')); // patch a simple rule's timeline_title - await securitySolutionApi + await detectionsApi .bulkPatchRules({ body: [{ rule_id: 'rule-1', timeline_title: 'some title', timeline_id: 'some id' }], }) .expect(200); // patch a simple rule's name - const { body } = await securitySolutionApi + const { body } = await detectionsApi .bulkPatchRules({ body: [{ rule_id: 'rule-1', name: 'some other name' }] }) .expect(200); @@ -306,7 +306,7 @@ export default ({ getService }: FtrProviderContext) => { }); it('should return a 200 but give a 404 in the message if it is given a fake id', async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .bulkPatchRules({ body: [{ id: '5096dec6-b6b9-4d8d-8f93-6c2602079d9d', name: 'some other name' }], }) @@ -324,7 +324,7 @@ export default ({ getService }: FtrProviderContext) => { }); it('should return a 200 but give a 404 in the message if it is given a fake rule_id', async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .bulkPatchRules({ body: [{ rule_id: 'fake_id', name: 'some other name' }] }) .expect(200); @@ -340,7 +340,7 @@ export default ({ getService }: FtrProviderContext) => { await createRule(supertest, log, getSimpleRule('rule-1')); // patch one rule name and give a fake id for the second - const { body } = await securitySolutionApi + const { body } = await detectionsApi .bulkPatchRules({ body: [ { rule_id: 'rule-1', name: 'some other name' }, @@ -371,7 +371,7 @@ export default ({ getService }: FtrProviderContext) => { const createdBody = await createRule(supertest, log, getSimpleRule('rule-1')); // patch one rule name and give a fake id for the second - const { body } = await securitySolutionApi + const { body } = await detectionsApi .bulkPatchRules({ body: [ { id: createdBody.id, name: 'some other name' }, @@ -412,7 +412,7 @@ export default ({ getService }: FtrProviderContext) => { ], }); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .bulkPatchRules({ body: [ { @@ -445,7 +445,7 @@ export default ({ getService }: FtrProviderContext) => { await createRule(supertest, log, getSimpleRule('rule-1')); await createRule(supertest, log, getSimpleRule('rule-2')); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .bulkPatchRules({ body: [ { @@ -516,7 +516,7 @@ export default ({ getService }: FtrProviderContext) => { }); it('errors if trying to patch investigation fields using legacy format', async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .bulkPatchRules({ body: [ { @@ -536,7 +536,7 @@ export default ({ getService }: FtrProviderContext) => { it('should patch a rule with a legacy investigation field and migrate field', async () => { // patch a simple rule's name - const { body } = await securitySolutionApi + const { body } = await detectionsApi .bulkPatchRules({ body: [ { rule_id: ruleWithLegacyInvestigationField.params.ruleId, name: 'some other name' }, @@ -561,7 +561,7 @@ export default ({ getService }: FtrProviderContext) => { it('should patch a rule with a legacy investigation field - empty array - and transform field in response', async () => { // patch a simple rule's name - const { body } = await securitySolutionApi + const { body } = await detectionsApi .bulkPatchRules({ body: [ { @@ -600,7 +600,7 @@ export default ({ getService }: FtrProviderContext) => { }); // patch a simple rule's name - const { body } = await securitySolutionApi + const { body } = await detectionsApi .bulkPatchRules({ body: [ { diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/basic_license_essentials_tier/find_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/basic_license_essentials_tier/find_rules.ts index 59dd94614850f..8e4387a644044 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/basic_license_essentials_tier/find_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/basic_license_essentials_tier/find_rules.ts @@ -20,7 +20,7 @@ import { createRule, deleteAllRules } from '../../../../../../common/utils/secur export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const log = getService('log'); const utils = getService('securitySolutionUtils'); @@ -30,7 +30,7 @@ export default ({ getService }: FtrProviderContext): void => { }); it('should return an empty find body correctly if no rules are loaded', async () => { - const { body } = await securitySolutionApi.findRules({ query: {} }).expect(200); + const { body } = await detectionsApi.findRules({ query: {} }).expect(200); expect(body).to.eql({ data: [], @@ -44,7 +44,7 @@ export default ({ getService }: FtrProviderContext): void => { await createRule(supertest, log, getSimpleRule()); // query the single rule from _find - const { body } = await securitySolutionApi.findRules({ query: {} }).expect(200); + const { body } = await detectionsApi.findRules({ query: {} }).expect(200); body.data = [removeServerGeneratedProperties(body.data[0])]; const expectedRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername()); @@ -59,10 +59,10 @@ export default ({ getService }: FtrProviderContext): void => { it('should return a single rule when a single rule is loaded from a find with everything for the rule added', async () => { // add a single rule - await securitySolutionApi.createRule({ body: getComplexRule() }).expect(200); + await detectionsApi.createRule({ body: getComplexRule() }).expect(200); // query and expect that we get back one record in the find - const { body } = await securitySolutionApi.findRules({ query: {} }).expect(200); + const { body } = await detectionsApi.findRules({ query: {} }).expect(200); body.data = [removeServerGeneratedProperties(body.data[0])]; const expectedRule = updateUsername(getComplexRuleOutput(), await utils.getUsername()); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/basic_license_essentials_tier/read_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/basic_license_essentials_tier/read_rules.ts index 98fd58e4315d6..adce207a3cbe5 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/basic_license_essentials_tier/read_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/basic_license_essentials_tier/read_rules.ts @@ -26,7 +26,7 @@ import { export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const log = getService('log'); const es = getService('es'); const utils = getService('securitySolutionUtils'); @@ -45,9 +45,7 @@ export default ({ getService }: FtrProviderContext) => { it('should be able to read a single rule using rule_id', async () => { await createRule(supertest, log, getSimpleRule()); - const { body } = await securitySolutionApi - .readRule({ query: { rule_id: 'rule-1' } }) - .expect(200); + const { body } = await detectionsApi.readRule({ query: { rule_id: 'rule-1' } }).expect(200); const bodyToCompare = removeServerGeneratedProperties(body); const expectedRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername()); @@ -58,7 +56,7 @@ export default ({ getService }: FtrProviderContext) => { it('should be able to read a single rule using id', async () => { const createRuleBody = await createRule(supertest, log, getSimpleRule()); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .readRule({ query: { id: createRuleBody.id } }) .expect(200); @@ -71,7 +69,7 @@ export default ({ getService }: FtrProviderContext) => { it('should be able to read a single rule with an auto-generated rule_id', async () => { const createRuleBody = await createRule(supertest, log, getSimpleRuleWithoutRuleId()); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .readRule({ query: { rule_id: createRuleBody.rule_id } }) .expect(200); @@ -85,7 +83,7 @@ export default ({ getService }: FtrProviderContext) => { }); it('should return 404 if given a fake id', async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .readRule({ query: { id: 'c1e1b359-7ac1-4e96-bc81-c683c092436f' } }) .expect(404); @@ -96,7 +94,7 @@ export default ({ getService }: FtrProviderContext) => { }); it('should return 404 if given a fake rule_id', async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .readRule({ query: { rule_id: 'fake_id' } }) .expect(404); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/find_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/find_rules.ts index 23f04fa5303d9..836e12ef7dbe2 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/find_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/find_rules.ts @@ -21,7 +21,7 @@ import { FtrProviderContext } from '../../../../../ftr_provider_context'; export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const log = getService('log'); const utils = getService('securitySolutionUtils'); @@ -31,7 +31,7 @@ export default ({ getService }: FtrProviderContext): void => { }); it('should return an empty find body correctly if no rules are loaded', async () => { - const { body } = await securitySolutionApi.findRules({ query: {} }).expect(200); + const { body } = await detectionsApi.findRules({ query: {} }).expect(200); expect(body).to.eql({ data: [], @@ -45,7 +45,7 @@ export default ({ getService }: FtrProviderContext): void => { await createRule(supertest, log, getSimpleRule()); // query the single rule from _find - const { body } = await securitySolutionApi.findRules({ query: {} }).expect(200); + const { body } = await detectionsApi.findRules({ query: {} }).expect(200); body.data = [removeServerGeneratedProperties(body.data[0])]; const expectedRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername()); @@ -60,10 +60,10 @@ export default ({ getService }: FtrProviderContext): void => { it('should return a single rule when a single rule is loaded from a find with everything for the rule added', async () => { // add a single rule - await securitySolutionApi.createRule({ body: getComplexRule() }).expect(200); + await detectionsApi.createRule({ body: getComplexRule() }).expect(200); // query and expect that we get back one record in the find - const { body } = await securitySolutionApi.findRules({ query: {} }).expect(200); + const { body } = await detectionsApi.findRules({ query: {} }).expect(200); body.data = [removeServerGeneratedProperties(body.data[0])]; const expectedRule = updateUsername(getComplexRuleOutput(), await utils.getUsername()); @@ -100,7 +100,7 @@ export default ({ getService }: FtrProviderContext): void => { await createRule(supertest, log, rule); // query the single rule from _find - const { body } = await securitySolutionApi.findRules({ query: {} }).expect(200); + const { body } = await detectionsApi.findRules({ query: {} }).expect(200); const expectedRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername()); const ruleWithActions: ReturnType = { @@ -148,7 +148,7 @@ export default ({ getService }: FtrProviderContext): void => { await createRule(supertest, log, rule); // query the single rule from _find - const { body } = await securitySolutionApi.findRules({ query: {} }).expect(200); + const { body } = await detectionsApi.findRules({ query: {} }).expect(200); const expectedRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername()); const ruleWithActions: ReturnType = { diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/read_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/read_rules.ts index 8cc8d937b9065..2fa69223e5251 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/read_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_read/trial_license_complete_tier/read_rules.ts @@ -26,7 +26,7 @@ import { FtrProviderContext } from '../../../../../ftr_provider_context'; export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const log = getService('log'); const es = getService('es'); const utils = getService('securitySolutionUtils'); @@ -45,9 +45,7 @@ export default ({ getService }: FtrProviderContext) => { it('should be able to read a single rule using rule_id', async () => { await createRule(supertest, log, getSimpleRule()); - const { body } = await securitySolutionApi - .readRule({ query: { rule_id: 'rule-1' } }) - .expect(200); + const { body } = await detectionsApi.readRule({ query: { rule_id: 'rule-1' } }).expect(200); const bodyToCompare = removeServerGeneratedProperties(body); const expectedRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername()); @@ -58,7 +56,7 @@ export default ({ getService }: FtrProviderContext) => { it('should be able to read a single rule using id', async () => { const createRuleBody = await createRule(supertest, log, getSimpleRule()); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .readRule({ query: { id: createRuleBody.id } }) .expect(200); @@ -71,7 +69,7 @@ export default ({ getService }: FtrProviderContext) => { it('should be able to read a single rule with an auto-generated rule_id', async () => { const createRuleBody = await createRule(supertest, log, getSimpleRuleWithoutRuleId()); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .readRule({ query: { rule_id: createRuleBody.rule_id } }) .expect(200); @@ -85,7 +83,7 @@ export default ({ getService }: FtrProviderContext) => { }); it('should return 404 if given a fake id', async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .readRule({ query: { id: 'c1e1b359-7ac1-4e96-bc81-c683c092436f' } }) .expect(404); @@ -96,7 +94,7 @@ export default ({ getService }: FtrProviderContext) => { }); it('should return 404 if given a fake rule_id', async () => { - const { body } = await securitySolutionApi + const { body } = await detectionsApi .readRule({ query: { rule_id: 'fake_id' } }) .expect(404); @@ -128,7 +126,7 @@ export default ({ getService }: FtrProviderContext) => { }; const createRuleBody = await createRule(supertest, log, rule); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .readRule({ query: { id: createRuleBody.id } }) .expect(200); @@ -173,7 +171,7 @@ export default ({ getService }: FtrProviderContext) => { const createRuleBody = await createRule(supertest, log, rule); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .readRule({ query: { id: createRuleBody.id } }) .expect(200); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/basic_license_essentials_tier/update_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/basic_license_essentials_tier/update_rules.ts index 60e7bfe3ff88f..86db2c35b5d94 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/basic_license_essentials_tier/update_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/basic_license_essentials_tier/update_rules.ts @@ -28,7 +28,7 @@ import { export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const log = getService('log'); const es = getService('es'); const utils = getService('securitySolutionUtils'); @@ -53,7 +53,7 @@ export default ({ getService }: FtrProviderContext) => { updatedRule.name = 'some other name'; delete updatedRule.id; - const { body } = await securitySolutionApi.updateRule({ body: updatedRule }).expect(200); + const { body } = await detectionsApi.updateRule({ body: updatedRule }).expect(200); const outputRule = getSimpleRuleOutput(); outputRule.name = 'some other name'; @@ -81,11 +81,11 @@ export default ({ getService }: FtrProviderContext) => { required_fields: [{ name: '@timestamp', type: 'date', ecs: true }], }; - await securitySolutionApi.createRule({ + await detectionsApi.createRule({ body: getCustomQueryRuleParams({ rule_id: 'rule-1' }), }); - const { body: updatedRuleResponse } = await securitySolutionApi + const { body: updatedRuleResponse } = await detectionsApi .updateRule({ body: ruleUpdateProperties, }) @@ -93,7 +93,7 @@ export default ({ getService }: FtrProviderContext) => { expect(updatedRuleResponse).toMatchObject(expectedRule); - const { body: updatedRule } = await securitySolutionApi + const { body: updatedRule } = await detectionsApi .readRule({ query: { rule_id: 'rule-1' }, }) @@ -114,7 +114,7 @@ export default ({ getService }: FtrProviderContext) => { updatedRule.name = 'some other name'; delete updatedRule.id; - const { body } = await securitySolutionApi.updateRule({ body: updatedRule }).expect(403); + const { body } = await detectionsApi.updateRule({ body: updatedRule }).expect(403); expect(body).toEqual({ message: 'Your license does not support machine learning. Please upgrade your license.', @@ -134,7 +134,7 @@ export default ({ getService }: FtrProviderContext) => { updatedRule.name = 'some other name'; delete updatedRule.id; - const { body } = await securitySolutionApi.updateRule({ body: updatedRule }).expect(200); + const { body } = await detectionsApi.updateRule({ body: updatedRule }).expect(200); const outputRule = getSimpleRuleOutputWithoutRuleId(); outputRule.name = 'some other name'; @@ -154,7 +154,7 @@ export default ({ getService }: FtrProviderContext) => { updatedRule.id = createdBody.id; delete updatedRule.rule_id; - const { body } = await securitySolutionApi.updateRule({ body: updatedRule }).expect(200); + const { body } = await detectionsApi.updateRule({ body: updatedRule }).expect(200); const outputRule = getSimpleRuleOutput(); outputRule.name = 'some other name'; @@ -173,7 +173,7 @@ export default ({ getService }: FtrProviderContext) => { updatedRule.severity = 'low'; updatedRule.enabled = false; - const { body } = await securitySolutionApi.updateRule({ body: updatedRule }).expect(200); + const { body } = await detectionsApi.updateRule({ body: updatedRule }).expect(200); const outputRule = getSimpleRuleOutput(); outputRule.enabled = false; @@ -193,13 +193,13 @@ export default ({ getService }: FtrProviderContext) => { ruleUpdate.timeline_id = 'some id'; // update a simple rule's timeline_title - await securitySolutionApi.updateRule({ body: ruleUpdate }).expect(200); + await detectionsApi.updateRule({ body: ruleUpdate }).expect(200); const ruleUpdate2 = getSimpleRuleUpdate('rule-1'); ruleUpdate2.name = 'some other name'; // update a simple rule's name - const { body } = await securitySolutionApi.updateRule({ body: ruleUpdate2 }).expect(200); + const { body } = await detectionsApi.updateRule({ body: ruleUpdate2 }).expect(200); const outputRule = getSimpleRuleOutput(); outputRule.name = 'some other name'; @@ -215,7 +215,7 @@ export default ({ getService }: FtrProviderContext) => { simpleRule.id = '5096dec6-b6b9-4d8d-8f93-6c2602079d9d'; delete simpleRule.rule_id; - const { body } = await securitySolutionApi.updateRule({ body: simpleRule }).expect(404); + const { body } = await detectionsApi.updateRule({ body: simpleRule }).expect(404); expect(body).toEqual({ status_code: 404, @@ -228,7 +228,7 @@ export default ({ getService }: FtrProviderContext) => { simpleRule.rule_id = 'fake_id'; delete simpleRule.id; - const { body } = await securitySolutionApi.updateRule({ body: simpleRule }).expect(404); + const { body } = await detectionsApi.updateRule({ body: simpleRule }).expect(404); expect(body).toEqual({ status_code: 404, @@ -247,11 +247,11 @@ export default ({ getService }: FtrProviderContext) => { max_signals: 100, }); - await securitySolutionApi.createRule({ + await detectionsApi.createRule({ body: getCustomQueryRuleParams({ rule_id: 'rule-1', max_signals: 200 }), }); - const { body: updatedRuleResponse } = await securitySolutionApi + const { body: updatedRuleResponse } = await detectionsApi .updateRule({ body: getCustomQueryRuleParams({ rule_id: 'rule-1', @@ -264,11 +264,11 @@ export default ({ getService }: FtrProviderContext) => { }); it('does NOT update a rule when max_signals is less than 1', async () => { - await securitySolutionApi.createRule({ + await detectionsApi.createRule({ body: getCustomQueryRuleParams({ rule_id: 'rule-1', max_signals: 100 }), }); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .updateRule({ body: getCustomQueryRuleParams({ rule_id: 'rule-1', @@ -290,14 +290,14 @@ export default ({ getService }: FtrProviderContext) => { required_fields: [], }); - await securitySolutionApi.createRule({ + await detectionsApi.createRule({ body: getCustomQueryRuleParams({ rule_id: 'required-fields-default-value-test', required_fields: [{ name: 'host.name', type: 'keyword' }], }), }); - const { body: updatedRuleResponse } = await securitySolutionApi + const { body: updatedRuleResponse } = await detectionsApi .updateRule({ body: getCustomQueryRuleParams({ rule_id: 'required-fields-default-value-test', diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/basic_license_essentials_tier/update_rules_bulk.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/basic_license_essentials_tier/update_rules_bulk.ts index cdca9e3ca6e1a..cd04dd509bc63 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/basic_license_essentials_tier/update_rules_bulk.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/basic_license_essentials_tier/update_rules_bulk.ts @@ -30,7 +30,7 @@ import { export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const log = getService('log'); const es = getService('es'); const utils = getService('securitySolutionUtils'); @@ -53,9 +53,7 @@ export default ({ getService }: FtrProviderContext) => { updatedRule.name = 'some other name'; // update a simple rule's name - const { body } = await securitySolutionApi - .bulkUpdateRules({ body: [updatedRule] }) - .expect(200); + const { body } = await detectionsApi.bulkUpdateRules({ body: [updatedRule] }).expect(200); const outputRule = getSimpleRuleOutput(); outputRule.name = 'some other name'; @@ -83,11 +81,11 @@ export default ({ getService }: FtrProviderContext) => { required_fields: [{ name: '@timestamp', type: 'date', ecs: true }], }; - await securitySolutionApi.createRule({ + await detectionsApi.createRule({ body: getCustomQueryRuleParams({ rule_id: 'rule-1' }), }); - const { body: updatedRulesBulkResponse } = await securitySolutionApi + const { body: updatedRulesBulkResponse } = await detectionsApi .bulkUpdateRules({ body: [ruleUpdateProperties], }) @@ -95,7 +93,7 @@ export default ({ getService }: FtrProviderContext) => { expect(updatedRulesBulkResponse[0]).toMatchObject(expectedRule); - const { body: updatedRule } = await securitySolutionApi + const { body: updatedRule } = await detectionsApi .readRule({ query: { rule_id: 'rule-1' }, }) @@ -108,7 +106,7 @@ export default ({ getService }: FtrProviderContext) => { await createRule(supertest, log, getSimpleRule('rule-1')); // create a second simple rule - await securitySolutionApi.createRule({ body: getSimpleRule('rule-2') }).expect(200); + await detectionsApi.createRule({ body: getSimpleRule('rule-2') }).expect(200); const updatedRule1 = getSimpleRuleUpdate('rule-1'); updatedRule1.name = 'some other name'; @@ -117,7 +115,7 @@ export default ({ getService }: FtrProviderContext) => { updatedRule2.name = 'some other name'; // update both rule names - const { body } = await securitySolutionApi + const { body } = await detectionsApi .bulkUpdateRules({ body: [updatedRule1, updatedRule2] }) .expect(200); @@ -147,9 +145,7 @@ export default ({ getService }: FtrProviderContext) => { updatedRule1.name = 'some other name'; delete updatedRule1.rule_id; - const { body } = await securitySolutionApi - .bulkUpdateRules({ body: [updatedRule1] }) - .expect(200); + const { body } = await detectionsApi.bulkUpdateRules({ body: [updatedRule1] }).expect(200); const outputRule = getSimpleRuleOutput(); outputRule.name = 'some other name'; @@ -175,7 +171,7 @@ export default ({ getService }: FtrProviderContext) => { updatedRule2.name = 'some other name'; delete updatedRule2.rule_id; - const { body } = await securitySolutionApi + const { body } = await detectionsApi .bulkUpdateRules({ body: [updatedRule1, updatedRule2] }) .expect(200); @@ -205,9 +201,7 @@ export default ({ getService }: FtrProviderContext) => { updatedRule1.name = 'some other name'; delete updatedRule1.rule_id; - const { body } = await securitySolutionApi - .bulkUpdateRules({ body: [updatedRule1] }) - .expect(200); + const { body } = await detectionsApi.bulkUpdateRules({ body: [updatedRule1] }).expect(200); const outputRule = getSimpleRuleOutput(); outputRule.name = 'some other name'; @@ -226,9 +220,7 @@ export default ({ getService }: FtrProviderContext) => { updatedRule1.severity = 'low'; updatedRule1.enabled = false; - const { body } = await securitySolutionApi - .bulkUpdateRules({ body: [updatedRule1] }) - .expect(200); + const { body } = await detectionsApi.bulkUpdateRules({ body: [updatedRule1] }).expect(200); const outputRule = getSimpleRuleOutput(); outputRule.enabled = false; @@ -248,15 +240,13 @@ export default ({ getService }: FtrProviderContext) => { ruleUpdate.timeline_title = 'some title'; ruleUpdate.timeline_id = 'some id'; - await securitySolutionApi.bulkUpdateRules({ body: [ruleUpdate] }).expect(200); + await detectionsApi.bulkUpdateRules({ body: [ruleUpdate] }).expect(200); // update a simple rule's name const ruleUpdate2 = getSimpleRuleUpdate('rule-1'); ruleUpdate2.name = 'some other name'; - const { body } = await securitySolutionApi - .bulkUpdateRules({ body: [ruleUpdate2] }) - .expect(200); + const { body } = await detectionsApi.bulkUpdateRules({ body: [ruleUpdate2] }).expect(200); const outputRule = getSimpleRuleOutput(); outputRule.name = 'some other name'; @@ -272,9 +262,7 @@ export default ({ getService }: FtrProviderContext) => { ruleUpdate.id = '1fd52120-d3a9-4e7a-b23c-96c0e1a74ae5'; delete ruleUpdate.rule_id; - const { body } = await securitySolutionApi - .bulkUpdateRules({ body: [ruleUpdate] }) - .expect(200); + const { body } = await detectionsApi.bulkUpdateRules({ body: [ruleUpdate] }).expect(200); expect(body).toEqual([ { @@ -292,9 +280,7 @@ export default ({ getService }: FtrProviderContext) => { ruleUpdate.rule_id = 'fake_id'; delete ruleUpdate.id; - const { body } = await securitySolutionApi - .bulkUpdateRules({ body: [ruleUpdate] }) - .expect(200); + const { body } = await detectionsApi.bulkUpdateRules({ body: [ruleUpdate] }).expect(200); expect(body).toEqual([ { @@ -316,7 +302,7 @@ export default ({ getService }: FtrProviderContext) => { delete ruleUpdate.id; // update one rule name and give a fake id for the second - const { body } = await securitySolutionApi + const { body } = await detectionsApi .bulkUpdateRules({ body: [ruleUpdate, ruleUpdate2] }) .expect(200); @@ -352,9 +338,7 @@ export default ({ getService }: FtrProviderContext) => { rule2.id = 'b3aa019a-656c-4311-b13b-4d9852e24347'; rule2.name = 'some other name'; - const { body } = await securitySolutionApi - .bulkUpdateRules({ body: [rule1, rule2] }) - .expect(200); + const { body } = await detectionsApi.bulkUpdateRules({ body: [rule1, rule2] }).expect(200); const outputRule = getSimpleRuleOutput(); outputRule.name = 'some other name'; @@ -381,7 +365,7 @@ export default ({ getService }: FtrProviderContext) => { ]); await installPrebuiltRules(es, supertest); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .bulkUpdateRules({ body: [getCustomQueryRuleParams({ rule_id: 'rule-1', author: ['new user'] })], }) diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/trial_license_complete_tier/update_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/trial_license_complete_tier/update_rules.ts index af9929f87832d..cc6d83ebbd865 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/trial_license_complete_tier/update_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/trial_license_complete_tier/update_rules.ts @@ -43,7 +43,7 @@ import { FtrProviderContext } from '../../../../../ftr_provider_context'; export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const log = getService('log'); const es = getService('es'); const utils = getService('securitySolutionUtils'); @@ -68,7 +68,7 @@ export default ({ getService }: FtrProviderContext) => { updatedRule.name = 'some other name'; delete updatedRule.id; - const { body } = await securitySolutionApi.updateRule({ body: updatedRule }).expect(200); + const { body } = await detectionsApi.updateRule({ body: updatedRule }).expect(200); const outputRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername()); @@ -87,7 +87,7 @@ export default ({ getService }: FtrProviderContext) => { updatedRule.machine_learning_job_id = 'legacy_job_id'; delete updatedRule.id; - const { body } = await securitySolutionApi.updateRule({ body: updatedRule }).expect(200); + const { body } = await detectionsApi.updateRule({ body: updatedRule }).expect(200); const outputRule = updateUsername(getSimpleMlRuleOutput(), await utils.getUsername()); @@ -107,7 +107,7 @@ export default ({ getService }: FtrProviderContext) => { updatedRule.name = 'some other name'; delete updatedRule.id; - const { body } = await securitySolutionApi.updateRule({ body: updatedRule }).expect(200); + const { body } = await detectionsApi.updateRule({ body: updatedRule }).expect(200); const outputRule = updateUsername(getSimpleMlRuleOutput(), await utils.getUsername()); outputRule.name = 'some other name'; @@ -127,7 +127,7 @@ export default ({ getService }: FtrProviderContext) => { updatedRule.name = 'some other name'; delete updatedRule.id; - const { body } = await securitySolutionApi.updateRule({ body: updatedRule }).expect(200); + const { body } = await detectionsApi.updateRule({ body: updatedRule }).expect(200); const outputRule = updateUsername( getSimpleRuleOutputWithoutRuleId(), @@ -176,7 +176,7 @@ export default ({ getService }: FtrProviderContext) => { updatedRule.name = 'some other name'; delete updatedRule.id; - const { body } = await securitySolutionApi.updateRule({ body: updatedRule }).expect(200); + const { body } = await detectionsApi.updateRule({ body: updatedRule }).expect(200); const outputRule = updateUsername( getSimpleRuleOutputWithoutRuleId(), @@ -199,7 +199,7 @@ export default ({ getService }: FtrProviderContext) => { updatedRule.id = createdBody.id; delete updatedRule.rule_id; - const { body } = await securitySolutionApi.updateRule({ body: updatedRule }).expect(200); + const { body } = await detectionsApi.updateRule({ body: updatedRule }).expect(200); const outputRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername()); @@ -217,7 +217,7 @@ export default ({ getService }: FtrProviderContext) => { updatedRule.severity = 'low'; updatedRule.enabled = false; - const { body } = await securitySolutionApi.updateRule({ body: updatedRule }).expect(200); + const { body } = await detectionsApi.updateRule({ body: updatedRule }).expect(200); const outputRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername()); @@ -237,13 +237,13 @@ export default ({ getService }: FtrProviderContext) => { ruleUpdate.timeline_id = 'some id'; // update a simple rule's timeline_title - await securitySolutionApi.updateRule({ body: ruleUpdate }).expect(200); + await detectionsApi.updateRule({ body: ruleUpdate }).expect(200); const ruleUpdate2 = getSimpleRuleUpdate('rule-1'); ruleUpdate2.name = 'some other name'; // update a simple rule's name - const { body } = await securitySolutionApi.updateRule({ body: ruleUpdate2 }).expect(200); + const { body } = await detectionsApi.updateRule({ body: ruleUpdate2 }).expect(200); const outputRule = updateUsername(getSimpleRuleOutput(), await utils.getUsername()); @@ -259,7 +259,7 @@ export default ({ getService }: FtrProviderContext) => { simpleRule.id = '5096dec6-b6b9-4d8d-8f93-6c2602079d9d'; delete simpleRule.rule_id; - const { body } = await securitySolutionApi.updateRule({ body: simpleRule }).expect(404); + const { body } = await detectionsApi.updateRule({ body: simpleRule }).expect(404); expect(body).to.eql({ status_code: 404, @@ -272,7 +272,7 @@ export default ({ getService }: FtrProviderContext) => { simpleRule.rule_id = 'fake_id'; delete simpleRule.id; - const { body } = await securitySolutionApi.updateRule({ body: simpleRule }).expect(404); + const { body } = await detectionsApi.updateRule({ body: simpleRule }).expect(404); expect(body).to.eql({ status_code: 404, @@ -305,7 +305,7 @@ export default ({ getService }: FtrProviderContext) => { ], }; - const { body } = await securitySolutionApi.updateRule({ body: ruleUpdate }).expect(200); + const { body } = await detectionsApi.updateRule({ body: ruleUpdate }).expect(200); expect(body.exceptions_list).to.eql([ { id: '2', list_id: '456', namespace_type: 'single', type: 'rule_default' }, @@ -333,7 +333,7 @@ export default ({ getService }: FtrProviderContext) => { ], }; - const { body } = await securitySolutionApi.updateRule({ body: ruleUpdate }).expect(500); + const { body } = await detectionsApi.updateRule({ body: ruleUpdate }).expect(500); expect(body).to.eql({ message: 'More than one default exception list found on rule', @@ -355,7 +355,7 @@ export default ({ getService }: FtrProviderContext) => { }); await createRule(supertest, log, getSimpleRule('rule-2')); - const { body } = await securitySolutionApi + const { body } = await detectionsApi .updateRule({ body: { ...getSimpleRule('rule-2'), @@ -396,7 +396,7 @@ export default ({ getService }: FtrProviderContext) => { updatedRule.id = createdBody.id; delete updatedRule.rule_id; - const { body } = await securitySolutionApi + const { body } = await detectionsApi .updateRule({ body: { ...updatedRule, @@ -425,7 +425,7 @@ export default ({ getService }: FtrProviderContext) => { const { threshold, ...rule } = existingRule; // @ts-expect-error we're testing the invalid payload here - const { body } = await securitySolutionApi.updateRule({ body: rule }).expect(400); + const { body } = await detectionsApi.updateRule({ body: rule }).expect(400); expect(body).to.eql({ error: 'Bad Request', @@ -445,7 +445,7 @@ export default ({ getService }: FtrProviderContext) => { field: ['field-1', 'field-2', 'field-3', 'field-4'], }, }; - const { body } = await securitySolutionApi.updateRule({ body: rule }).expect(400); + const { body } = await detectionsApi.updateRule({ body: rule }).expect(400); expect(body).to.eql({ message: ['Number of fields must be 3 or less'], @@ -464,7 +464,7 @@ export default ({ getService }: FtrProviderContext) => { value: 0, }, }; - const { body } = await securitySolutionApi.updateRule({ body: rule }).expect(400); + const { body } = await detectionsApi.updateRule({ body: rule }).expect(400); expect(body).to.eql({ error: 'Bad Request', @@ -489,7 +489,7 @@ export default ({ getService }: FtrProviderContext) => { ], }, }; - const { body } = await securitySolutionApi.updateRule({ body: rule }).expect(400); + const { body } = await detectionsApi.updateRule({ body: rule }).expect(400); expect(body).to.eql({ message: ['Cardinality of a field that is being aggregated on is always 1'], @@ -504,7 +504,7 @@ export default ({ getService }: FtrProviderContext) => { const savedQueryRule = getSimpleSavedQueryRule(ruleId); await createRule(supertest, log, getSimpleRule(ruleId)); - const { body: outputRule } = await securitySolutionApi + const { body: outputRule } = await detectionsApi .updateRule({ body: savedQueryRule }) .expect(200); @@ -517,7 +517,7 @@ export default ({ getService }: FtrProviderContext) => { const savedQueryRule = { ...getSimpleSavedQueryRule(ruleId), query: undefined }; await createRule(supertest, log, getSimpleRule(ruleId)); - const { body: outputRule } = await securitySolutionApi + const { body: outputRule } = await detectionsApi .updateRule({ body: savedQueryRule }) .expect(200); @@ -530,7 +530,7 @@ export default ({ getService }: FtrProviderContext) => { const queryRule = getSimpleRule(ruleId); await createRule(supertest, log, getSimpleSavedQueryRule(ruleId)); - const { body: outputRule } = await securitySolutionApi + const { body: outputRule } = await detectionsApi .updateRule({ body: queryRule }) .expect(200); @@ -552,7 +552,7 @@ export default ({ getService }: FtrProviderContext) => { ruleToUpdate.id = ruleId; delete ruleToUpdate.rule_id; - const { body: updatedRule } = await securitySolutionApi + const { body: updatedRule } = await detectionsApi .updateRule({ body: ruleToUpdate }) .expect(200); @@ -734,7 +734,7 @@ export default ({ getService }: FtrProviderContext) => { investigation_fields: { field_names: ['foo', 'bar'] }, }; - const { body } = await securitySolutionApi.updateRule({ body: ruleUpdate }).expect(200); + const { body } = await detectionsApi.updateRule({ body: ruleUpdate }).expect(200); expect(body.investigation_fields.field_names).to.eql(['foo', 'bar']); }); @@ -750,7 +750,7 @@ export default ({ getService }: FtrProviderContext) => { investigation_fields: undefined, }; - const { body } = await securitySolutionApi.updateRule({ body: ruleUpdate }).expect(200); + const { body } = await detectionsApi.updateRule({ body: ruleUpdate }).expect(200); expect(body.investigation_fields).to.eql(undefined); }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/trial_license_complete_tier/update_rules_bulk.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/trial_license_complete_tier/update_rules_bulk.ts index 470d2dc889341..27d493c552de0 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/trial_license_complete_tier/update_rules_bulk.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/trial_license_complete_tier/update_rules_bulk.ts @@ -46,7 +46,7 @@ import { FtrProviderContext } from '../../../../../ftr_provider_context'; export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const log = getService('log'); const es = getService('es'); const utils = getService('securitySolutionUtils'); @@ -67,9 +67,7 @@ export default ({ getService }: FtrProviderContext) => { await createRule(supertest, log, getSimpleRule('rule-1')); const updatedRule = getSimpleRuleUpdate('rule-1'); - const { header } = await securitySolutionApi - .bulkUpdateRules({ body: [updatedRule] }) - .expect(200); + const { header } = await detectionsApi.bulkUpdateRules({ body: [updatedRule] }).expect(200); expect( header.warning.includes( @@ -96,9 +94,7 @@ export default ({ getService }: FtrProviderContext) => { updatedRule.name = 'some other name'; // update a simple rule's name - const { body } = await securitySolutionApi - .bulkUpdateRules({ body: [updatedRule] }) - .expect(200); + const { body } = await detectionsApi.bulkUpdateRules({ body: [updatedRule] }).expect(200); const outputRule = updateUsername(getSimpleRuleOutput(), username); outputRule.name = 'some other name'; @@ -111,7 +107,7 @@ export default ({ getService }: FtrProviderContext) => { await createRule(supertest, log, getSimpleRule('rule-1')); // create a second simple rule - await securitySolutionApi.createRule({ body: getSimpleRuleUpdate('rule-2') }).expect(200); + await detectionsApi.createRule({ body: getSimpleRuleUpdate('rule-2') }).expect(200); const updatedRule1 = getSimpleRuleUpdate('rule-1'); updatedRule1.name = 'some other name'; @@ -120,7 +116,7 @@ export default ({ getService }: FtrProviderContext) => { updatedRule2.name = 'some other name'; // update both rule names - const { body } = await securitySolutionApi + const { body } = await detectionsApi .bulkUpdateRules({ body: [updatedRule1, updatedRule2] }) .expect(200); @@ -182,7 +178,7 @@ export default ({ getService }: FtrProviderContext) => { updatedRule2.actions = [action1]; // update both rule names - const { body }: { body: RuleResponse[] } = await securitySolutionApi + const { body }: { body: RuleResponse[] } = await detectionsApi .bulkUpdateRules({ body: [updatedRule1, updatedRule2] }) .expect(200); @@ -247,7 +243,7 @@ export default ({ getService }: FtrProviderContext) => { updatedRule2.name = 'some other name'; // update both rule names - const { body }: { body: RuleResponse[] } = await securitySolutionApi + const { body }: { body: RuleResponse[] } = await detectionsApi .bulkUpdateRules({ body: [updatedRule1, updatedRule2] }) .expect(200); @@ -270,9 +266,7 @@ export default ({ getService }: FtrProviderContext) => { updatedRule1.name = 'some other name'; delete updatedRule1.rule_id; - const { body } = await securitySolutionApi - .bulkUpdateRules({ body: [updatedRule1] }) - .expect(200); + const { body } = await detectionsApi.bulkUpdateRules({ body: [updatedRule1] }).expect(200); const outputRule = updateUsername(getSimpleRuleOutput(), username); outputRule.name = 'some other name'; @@ -296,7 +290,7 @@ export default ({ getService }: FtrProviderContext) => { updatedRule2.name = 'some other name'; delete updatedRule2.rule_id; - const { body } = await securitySolutionApi + const { body } = await detectionsApi .bulkUpdateRules({ body: [updatedRule1, updatedRule2] }) .expect(200); @@ -323,9 +317,7 @@ export default ({ getService }: FtrProviderContext) => { updatedRule1.name = 'some other name'; delete updatedRule1.rule_id; - const { body } = await securitySolutionApi - .bulkUpdateRules({ body: [updatedRule1] }) - .expect(200); + const { body } = await detectionsApi.bulkUpdateRules({ body: [updatedRule1] }).expect(200); const outputRule = updateUsername(getSimpleRuleOutput(), username); outputRule.name = 'some other name'; @@ -342,9 +334,7 @@ export default ({ getService }: FtrProviderContext) => { updatedRule1.severity = 'low'; updatedRule1.enabled = false; - const { body } = await securitySolutionApi - .bulkUpdateRules({ body: [updatedRule1] }) - .expect(200); + const { body } = await detectionsApi.bulkUpdateRules({ body: [updatedRule1] }).expect(200); const outputRule = updateUsername(getSimpleRuleOutput(), username); outputRule.enabled = false; @@ -363,15 +353,13 @@ export default ({ getService }: FtrProviderContext) => { ruleUpdate.timeline_title = 'some title'; ruleUpdate.timeline_id = 'some id'; - await securitySolutionApi.bulkUpdateRules({ body: [ruleUpdate] }).expect(200); + await detectionsApi.bulkUpdateRules({ body: [ruleUpdate] }).expect(200); // update a simple rule's name const ruleUpdate2 = getSimpleRuleUpdate('rule-1'); ruleUpdate2.name = 'some other name'; - const { body } = await securitySolutionApi - .bulkUpdateRules({ body: [ruleUpdate2] }) - .expect(200); + const { body } = await detectionsApi.bulkUpdateRules({ body: [ruleUpdate2] }).expect(200); const outputRule = updateUsername(getSimpleRuleOutput(), username); outputRule.name = 'some other name'; @@ -386,9 +374,7 @@ export default ({ getService }: FtrProviderContext) => { ruleUpdate.id = '1fd52120-d3a9-4e7a-b23c-96c0e1a74ae5'; delete ruleUpdate.rule_id; - const { body } = await securitySolutionApi - .bulkUpdateRules({ body: [ruleUpdate] }) - .expect(200); + const { body } = await detectionsApi.bulkUpdateRules({ body: [ruleUpdate] }).expect(200); expect(body).to.eql([ { @@ -406,9 +392,7 @@ export default ({ getService }: FtrProviderContext) => { ruleUpdate.rule_id = 'fake_id'; delete ruleUpdate.id; - const { body } = await securitySolutionApi - .bulkUpdateRules({ body: [ruleUpdate] }) - .expect(200); + const { body } = await detectionsApi.bulkUpdateRules({ body: [ruleUpdate] }).expect(200); expect(body).to.eql([ { @@ -430,7 +414,7 @@ export default ({ getService }: FtrProviderContext) => { delete ruleUpdate.id; // update one rule name and give a fake id for the second - const { body } = await securitySolutionApi + const { body } = await detectionsApi .bulkUpdateRules({ body: [ruleUpdate, ruleUpdate2] }) .expect(200); @@ -465,9 +449,7 @@ export default ({ getService }: FtrProviderContext) => { rule2.id = 'b3aa019a-656c-4311-b13b-4d9852e24347'; rule2.name = 'some other name'; - const { body } = await securitySolutionApi - .bulkUpdateRules({ body: [rule1, rule2] }) - .expect(200); + const { body } = await detectionsApi.bulkUpdateRules({ body: [rule1, rule2] }).expect(200); const outputRule = updateUsername(getSimpleRuleOutput(), username); outputRule.name = 'some other name'; @@ -503,7 +485,7 @@ export default ({ getService }: FtrProviderContext) => { const rule1 = getSimpleRuleUpdate('rule-1'); rule1.name = 'some other name'; - const { body } = await securitySolutionApi + const { body } = await detectionsApi .bulkUpdateRules({ body: [ { @@ -542,7 +524,7 @@ export default ({ getService }: FtrProviderContext) => { const rule2 = getSimpleRuleUpdate('rule-2'); rule2.name = 'some other name'; - const { body } = await securitySolutionApi + const { body } = await detectionsApi .bulkUpdateRules({ body: [ { @@ -603,9 +585,7 @@ export default ({ getService }: FtrProviderContext) => { ruleToUpdate.id = ruleId; delete ruleToUpdate.rule_id; - const { body } = await securitySolutionApi - .bulkUpdateRules({ body: [ruleToUpdate] }) - .expect(200); + const { body } = await detectionsApi.bulkUpdateRules({ body: [ruleToUpdate] }).expect(200); const updatedRule = body[0]; updatedRule.actions = removeUUIDFromActions(updatedRule.actions); @@ -790,7 +770,7 @@ export default ({ getService }: FtrProviderContext) => { it('errors if trying to update investigation fields using legacy format', async () => { // update rule - const { body } = await securitySolutionApi + const { body } = await detectionsApi .bulkUpdateRules({ body: [ { @@ -811,7 +791,7 @@ export default ({ getService }: FtrProviderContext) => { it('updates a rule with legacy investigation fields and transforms field in response', async () => { // update rule - const { body } = await securitySolutionApi + const { body } = await detectionsApi .bulkUpdateRules({ body: [ { diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/trial_license_complete_tier/update_rules_ess.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/trial_license_complete_tier/update_rules_ess.ts index 4272345759f0e..57d5eb9fef4a1 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/trial_license_complete_tier/update_rules_ess.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/trial_license_complete_tier/update_rules_ess.ts @@ -33,7 +33,7 @@ import { FtrProviderContext } from '../../../../../ftr_provider_context'; export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const log = getService('log'); const es = getService('es'); // TODO: add a new service for pulling kibana username, similar to getService('es') @@ -90,7 +90,7 @@ export default ({ getService }: FtrProviderContext) => { updatedRule.actions = [action1]; delete updatedRule.id; - const { body } = await securitySolutionApi.updateRule({ body: updatedRule }).expect(200); + const { body } = await detectionsApi.updateRule({ body: updatedRule }).expect(200); const bodyToCompare = removeServerGeneratedPropertiesIncludingRuleId(body); @@ -155,7 +155,7 @@ export default ({ getService }: FtrProviderContext) => { }; // @ts-expect-error we are testing the invalid payload - const { body } = await securitySolutionApi.updateRule({ body: updatedRule }).expect(400); + const { body } = await detectionsApi.updateRule({ body: updatedRule }).expect(400); expect(body.message).to.eql( '[request body]: investigation_fields: Expected object, received array' @@ -166,7 +166,7 @@ export default ({ getService }: FtrProviderContext) => { // rule_id of a rule with legacy investigation fields set const updatedRule = getSimpleRuleUpdate(ruleWithLegacyInvestigationField.params.ruleId); - const { body } = await securitySolutionApi.updateRule({ body: updatedRule }).expect(200); + const { body } = await detectionsApi.updateRule({ body: updatedRule }).expect(200); const bodyToCompare = removeServerGeneratedProperties(body); expect(bodyToCompare.investigation_fields).to.eql(undefined); @@ -187,7 +187,7 @@ export default ({ getService }: FtrProviderContext) => { }, }; - const { body } = await securitySolutionApi.updateRule({ body: updatedRule }).expect(200); + const { body } = await detectionsApi.updateRule({ body: updatedRule }).expect(200); const bodyToCompare = removeServerGeneratedProperties(body); expect(bodyToCompare.investigation_fields).to.eql({ diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/import_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/import_rules.ts index 2faea9f7a3160..0b37cb6631f15 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/import_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/import_rules.ts @@ -24,10 +24,10 @@ export async function importRules({ overwrite, spaceId, }: ImportRulesParams): Promise { - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const buffer = Buffer.from(combineArrayToNdJson(rules)); - const { body: importResponse } = await securitySolutionApi + const { body: importResponse } = await detectionsApi .importRules({ query: { overwrite, overwrite_action_connectors: overwrite } }, spaceId) .attach('file', buffer, 'rules.ndjson') .expect('Content-Type', 'application/json; charset=utf-8') @@ -60,13 +60,13 @@ export async function assertImportedRule({ getService, expectedRule, }: AssertImportedRuleParams): Promise { - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const ruleId = expectedRule.rule_id; const expectedRuleSource = pick(expectedRule, ['immutable', 'rule_source']); const expectedRuleFields = omit(expectedRule, ['immutable', 'rule_source']); - const { body: rule } = await securitySolutionApi + const { body: rule } = await detectionsApi .readRule({ query: { rule_id: ruleId }, }) diff --git a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/entities_list.ts b/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/entities_list.ts index 341d62a8fe7f1..4af354010f92a 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/entities_list.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/entities_list.ts @@ -9,12 +9,12 @@ import expect from 'expect'; import { FtrProviderContext } from '../../../../ftr_provider_context'; export default ({ getService }: FtrProviderContext) => { - const securitySolutionApi = getService('securitySolutionApi'); + const entityAnalyticsApi = getService('entityAnalyticsApi'); describe('@ess @skipInServerlessMKI Entity store - Entities list API', () => { describe('when the entity store is disable', () => { it("should return response with success status when the index doesn't exist", async () => { - const { body } = await securitySolutionApi.listEntities({ + const { body } = await entityAnalyticsApi.listEntities({ query: { entity_types: ['host'] }, }); @@ -41,7 +41,7 @@ export default ({ getService }: FtrProviderContext) => { }); it('should return hosts from the entity store index', async () => { - const { body } = await securitySolutionApi.listEntities({ + const { body } = await entityAnalyticsApi.listEntities({ query: { entity_types: ['host'] }, }); @@ -50,7 +50,7 @@ export default ({ getService }: FtrProviderContext) => { }); it('should return users from the entity store index', async () => { - const { body } = await securitySolutionApi.listEntities({ + const { body } = await entityAnalyticsApi.listEntities({ query: { entity_types: ['user'] }, }); @@ -59,7 +59,7 @@ export default ({ getService }: FtrProviderContext) => { }); it('should return services from the entity store index', async () => { - const { body } = await securitySolutionApi.listEntities({ + const { body } = await entityAnalyticsApi.listEntities({ query: { entity_types: ['service'] }, }); @@ -68,7 +68,7 @@ export default ({ getService }: FtrProviderContext) => { }); it('should return two entity types from the entity store index', async () => { - const { body } = await securitySolutionApi.listEntities({ + const { body } = await entityAnalyticsApi.listEntities({ query: { entity_types: ['user', 'host'] }, }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/entity_store.ts b/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/entity_store.ts index 73b314c357261..b30c5450966cf 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/entity_store.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/entity_store.ts @@ -12,7 +12,7 @@ import { FtrProviderContext } from '../../../../ftr_provider_context'; import { EntityStoreUtils } from '../../utils'; import { dataViewRouteHelpersFactory } from '../../utils/data_view'; export default ({ getService }: FtrProviderContext) => { - const api = getService('securitySolutionApi'); + const entityAnalyticsApi = getService('entityAnalyticsApi'); const supertest = getService('supertest'); const utils = EntityStoreUtils(getService); @@ -56,7 +56,7 @@ export default ({ getService }: FtrProviderContext) => { it('should return "error" when the security data view does not exist', async () => { await dataView.delete('security-solution'); - const { body, status } = await api.initEntityEngine( + const { body, status } = await entityAnalyticsApi.initEntityEngine( { params: { entityType: 'host' }, body: {}, @@ -92,7 +92,7 @@ export default ({ getService }: FtrProviderContext) => { describe('get', () => { it('should return the host entity engine', async () => { - const getResponse = await api + const getResponse = await entityAnalyticsApi .getEntityEngine({ params: { entityType: 'host' }, }) @@ -106,7 +106,7 @@ export default ({ getService }: FtrProviderContext) => { }); it('should return the user entity engine', async () => { - const getResponse = await api + const getResponse = await entityAnalyticsApi .getEntityEngine({ params: { entityType: 'user' }, }) @@ -122,7 +122,7 @@ export default ({ getService }: FtrProviderContext) => { describe('list', () => { it('should return the list of entity engines', async () => { - const { body } = await api.listEntityEngines().expect(200); + const { body } = await entityAnalyticsApi.listEntityEngines().expect(200); // @ts-expect-error body is any const sortedEngines = body.engines.sort((a, b) => a.type.localeCompare(b.type)); @@ -153,13 +153,13 @@ export default ({ getService }: FtrProviderContext) => { }); it('should stop the entity engine', async () => { - await api + await entityAnalyticsApi .stopEntityEngine({ params: { entityType: 'host' }, }) .expect(200); - const { body } = await api + const { body } = await entityAnalyticsApi .getEntityEngine({ params: { entityType: 'host' }, }) @@ -169,13 +169,13 @@ export default ({ getService }: FtrProviderContext) => { }); it('should start the entity engine', async () => { - await api + await entityAnalyticsApi .startEntityEngine({ params: { entityType: 'host' }, }) .expect(200); - const { body } = await api + const { body } = await entityAnalyticsApi .getEntityEngine({ params: { entityType: 'host' }, }) @@ -189,7 +189,7 @@ export default ({ getService }: FtrProviderContext) => { it('should delete the host entity engine', async () => { await utils.initEntityEngineForEntityTypesAndWait(['host']); - await api + await entityAnalyticsApi .deleteEntityEngine({ params: { entityType: 'host' }, query: { data: true }, @@ -202,7 +202,7 @@ export default ({ getService }: FtrProviderContext) => { it('should delete the user entity engine', async () => { await utils.initEntityEngineForEntityTypesAndWait(['user']); - await api + await entityAnalyticsApi .deleteEntityEngine({ params: { entityType: 'user' }, query: { data: true }, @@ -219,7 +219,7 @@ export default ({ getService }: FtrProviderContext) => { }); it('should return "not_installed" when no engines have been initialized', async () => { - const { body } = await api.getEntityStoreStatus({ query: {} }).expect(200); + const { body } = await entityAnalyticsApi.getEntityStoreStatus({ query: {} }).expect(200); expect(body).toEqual({ engines: [], @@ -230,7 +230,7 @@ export default ({ getService }: FtrProviderContext) => { it('should return "installing" when at least one engine is being initialized', async () => { await utils.enableEntityStore(); - const { body } = await api.getEntityStoreStatus({ query: {} }).expect(200); + const { body } = await entityAnalyticsApi.getEntityStoreStatus({ query: {} }).expect(200); expect(body.status).toEqual('installing'); expect(body.engines.length).toEqual(2); @@ -241,7 +241,7 @@ export default ({ getService }: FtrProviderContext) => { it('should return "started" when all engines are started', async () => { await utils.initEntityEngineForEntityTypesAndWait(['host', 'user']); - const { body } = await api.getEntityStoreStatus({ query: {} }).expect(200); + const { body } = await entityAnalyticsApi.getEntityStoreStatus({ query: {} }).expect(200); expect(body.status).toEqual('running'); expect(body.engines.length).toEqual(2); @@ -251,7 +251,7 @@ export default ({ getService }: FtrProviderContext) => { describe('status with components', () => { it('should return empty list when when no engines have been initialized', async () => { - const { body } = await api + const { body } = await entityAnalyticsApi .getEntityStoreStatus({ query: { include_components: true } }) .expect(200); @@ -264,7 +264,7 @@ export default ({ getService }: FtrProviderContext) => { it('should return components status when engines are installed', async () => { await utils.initEntityEngineForEntityTypesAndWait(['host']); - const { body } = await api + const { body } = await entityAnalyticsApi .getEntityStoreStatus({ query: { include_components: true } }) .expect(200); @@ -298,14 +298,14 @@ export default ({ getService }: FtrProviderContext) => { }); it("should not update the index patten when it didn't change", async () => { - const response = await api.applyEntityEngineDataviewIndices(); + const response = await entityAnalyticsApi.applyEntityEngineDataviewIndices(); expect(response.body).toEqual({ success: true, result: [{ type: 'host', changes: {} }] }); }); it('should update the index pattern when the data view changes', async () => { await dataView.updateIndexPattern('security-solution', 'test-*'); - const response = await api.applyEntityEngineDataviewIndices(); + const response = await entityAnalyticsApi.applyEntityEngineDataviewIndices(); expect(response.body).toEqual({ success: true, diff --git a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/entity_store_nondefault_spaces.ts b/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/entity_store_nondefault_spaces.ts index d9e2001286359..17b9000ac7517 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/entity_store_nondefault_spaces.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/entity_store/trial_license_complete_tier/entity_store_nondefault_spaces.ts @@ -14,7 +14,7 @@ import { EntityStoreUtils } from '../../utils'; import { dataViewRouteHelpersFactory } from '../../utils/data_view'; export default ({ getService }: FtrProviderContextWithSpaces) => { - const api = getService('securitySolutionApi'); + const entityAnalyticsApi = getService('entityAnalyticsApi'); const spaces = getService('spaces'); const namespace = uuidv4().substring(0, 8); const supertest = getService('supertest'); @@ -66,7 +66,7 @@ export default ({ getService }: FtrProviderContextWithSpaces) => { describe('get', () => { it('should return the host entity engine', async () => { - const getResponse = await api + const getResponse = await entityAnalyticsApi .getEntityEngine( { params: { entityType: 'host' }, @@ -83,7 +83,7 @@ export default ({ getService }: FtrProviderContextWithSpaces) => { }); it('should return the user entity engine', async () => { - const getResponse = await api + const getResponse = await entityAnalyticsApi .getEntityEngine( { params: { entityType: 'user' }, @@ -102,7 +102,7 @@ export default ({ getService }: FtrProviderContextWithSpaces) => { describe('list', () => { it('should return the list of entity engines', async () => { - const { body } = await api.listEntityEngines(namespace).expect(200); + const { body } = await entityAnalyticsApi.listEntityEngines(namespace).expect(200); // @ts-expect-error body is any const sortedEngines = body.engines.sort((a, b) => a.type.localeCompare(b.type)); @@ -133,7 +133,7 @@ export default ({ getService }: FtrProviderContextWithSpaces) => { }); it('should stop the entity engine', async () => { - await api + await entityAnalyticsApi .stopEntityEngine( { params: { entityType: 'host' }, @@ -142,7 +142,7 @@ export default ({ getService }: FtrProviderContextWithSpaces) => { ) .expect(200); - const { body } = await api + const { body } = await entityAnalyticsApi .getEntityEngine( { params: { entityType: 'host' }, @@ -155,7 +155,7 @@ export default ({ getService }: FtrProviderContextWithSpaces) => { }); it('should start the entity engine', async () => { - await api + await entityAnalyticsApi .startEntityEngine( { params: { entityType: 'host' }, @@ -164,7 +164,7 @@ export default ({ getService }: FtrProviderContextWithSpaces) => { ) .expect(200); - const { body } = await api + const { body } = await entityAnalyticsApi .getEntityEngine( { params: { entityType: 'host' }, @@ -181,7 +181,7 @@ export default ({ getService }: FtrProviderContextWithSpaces) => { it('should delete the host entity engine', async () => { await utils.initEntityEngineForEntityTypesAndWait(['host']); - await api + await entityAnalyticsApi .deleteEntityEngine( { params: { entityType: 'host' }, @@ -197,7 +197,7 @@ export default ({ getService }: FtrProviderContextWithSpaces) => { it('should delete the user entity engine', async () => { await utils.initEntityEngineForEntityTypesAndWait(['user']); - await api + await entityAnalyticsApi .deleteEntityEngine( { params: { entityType: 'user' }, diff --git a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/utils/entity_store.ts b/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/utils/entity_store.ts index 0e7c94613010c..c7f9153ba3c6e 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/utils/entity_store.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/utils/entity_store.ts @@ -14,7 +14,7 @@ export const EntityStoreUtils = ( getService: FtrProviderContext['getService'], namespace: string = 'default' ) => { - const api = getService('securitySolutionApi'); + const api = getService('entityAnalyticsApi'); const es = getService('es'); const log = getService('log'); const retry = getService('retry'); diff --git a/x-pack/test/security_solution_api_integration/test_suites/siem_migrations/rules/trial_license_complete_tier/install.ts b/x-pack/test/security_solution_api_integration/test_suites/siem_migrations/rules/trial_license_complete_tier/install.ts index 684db1939e279..527f2ae00d69c 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/siem_migrations/rules/trial_license_complete_tier/install.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/siem_migrations/rules/trial_license_complete_tier/install.ts @@ -32,7 +32,7 @@ export default ({ getService }: FtrProviderContext) => { const es = getService('es'); const log = getService('log'); const supertest = getService('supertest'); - const securitySolutionApi = getService('securitySolutionApi'); + const detectionsApi = getService('detectionsApi'); const migrationRulesRoutes = migrationRulesRouteHelpersFactory(supertest); describe('@ess @serverless @serverlessQA Install API', () => { @@ -73,9 +73,7 @@ export default ({ getService }: FtrProviderContext) => { expect(installedMigrationRules.length).toEqual(2); // fetch installed rules - const { body: rulesResponse } = await securitySolutionApi - .findRules({ query: {} }) - .expect(200); + const { body: rulesResponse } = await detectionsApi.findRules({ query: {} }).expect(200); const expectedRulesData = expect.arrayContaining( installedMigrationRules.map((migrationRule) => @@ -115,9 +113,7 @@ export default ({ getService }: FtrProviderContext) => { expect(installResponse.body).toEqual({ installed: 2 }); // fetch installed rules - const { body: rulesResponse } = await securitySolutionApi - .findRules({ query: {} }) - .expect(200); + const { body: rulesResponse } = await detectionsApi.findRules({ query: {} }).expect(200); const expectedInstalledRules = expect.arrayContaining([ expect.objectContaining(ruleAssetSavedObject['security-rule']), @@ -149,9 +145,7 @@ export default ({ getService }: FtrProviderContext) => { expect(installResponse.body).toEqual({ installed: 2 }); // fetch installed rules - const { body: rulesResponse } = await securitySolutionApi - .findRules({ query: {} }) - .expect(200); + const { body: rulesResponse } = await detectionsApi.findRules({ query: {} }).expect(200); expect(rulesResponse.data.length).toEqual(2); @@ -182,9 +176,7 @@ export default ({ getService }: FtrProviderContext) => { expect(installResponse.body).toEqual({ installed: 3 }); // fetch installed rules - const { body: rulesResponse } = await securitySolutionApi - .findRules({ query: {} }) - .expect(200); + const { body: rulesResponse } = await detectionsApi.findRules({ query: {} }).expect(200); expect(rulesResponse.data.length).toEqual(3); diff --git a/x-pack/test/tsconfig.json b/x-pack/test/tsconfig.json index bf8a55cac16a3..91a8b67d0556e 100644 --- a/x-pack/test/tsconfig.json +++ b/x-pack/test/tsconfig.json @@ -170,12 +170,7 @@ "@kbn/ml-trained-models-utils", "@kbn/observability-synthetics-test-data", "@kbn/ml-trained-models-utils", - "@kbn/openapi-common", - "@kbn/securitysolution-lists-common", - "@kbn/securitysolution-exceptions-common", - "@kbn/securitysolution-endpoint-exceptions-common", "@kbn/entityManager-plugin", - "@kbn/osquery-plugin", "@kbn/entities-schema", "@kbn/actions-simulators-plugin", "@kbn/cases-api-integration-test-plugin", @@ -197,5 +192,6 @@ "@kbn/streams-plugin", "@kbn/response-ops-rule-params", "@kbn/aiops-change-point-detection", + "@kbn/security-solution-test-api-clients", ] } diff --git a/x-pack/test_serverless/shared/services/deployment_agnostic_services.ts b/x-pack/test_serverless/shared/services/deployment_agnostic_services.ts index e5d79c4809c2e..d8d2a39f67500 100644 --- a/x-pack/test_serverless/shared/services/deployment_agnostic_services.ts +++ b/x-pack/test_serverless/shared/services/deployment_agnostic_services.ts @@ -9,7 +9,6 @@ import _ from 'lodash'; import { services as apiIntegrationServices } from '@kbn/test-suites-xpack/api_integration/services'; import { services as apiIntegrationDeploymentAgnosticServices } from '@kbn/test-suites-xpack/api_integration/deployment_agnostic/services'; -import { SecuritySolutionApiProvider as SecuritySolutionExceptionsApiProvider } from '@kbn/test-suites-xpack/api_integration/services/security_solution_exceptions_api.gen'; /* * Some FTR services from api integration stateful tests are compatible with serverless environment @@ -31,12 +30,13 @@ const pickedServices = _.pick(apiIntegrationServices, [ 'security', 'usageAPI', 'console', - 'securitySolutionApi', + 'detectionsApi', + 'entityAnalyticsApi', + 'exceptionsApi', ]); export const services = { // deployment agnostic FTR services ...pickedServices, alertingApi: apiIntegrationDeploymentAgnosticServices.alertingApi, - securitySolutionExceptionsApi: SecuritySolutionExceptionsApiProvider, }; diff --git a/yarn.lock b/yarn.lock index 03e362506858a..d873a69a0db8f 100644 --- a/yarn.lock +++ b/yarn.lock @@ -7280,6 +7280,10 @@ version "0.0.0" uid "" +"@kbn/security-solution-test-api-clients@link:x-pack/solutions/security/packages/test-api-clients": + version "0.0.0" + uid "" + "@kbn/security-solution-upselling@link:x-pack/solutions/security/packages/upselling": version "0.0.0" uid ""