diff --git a/x-pack/platform/plugins/shared/osquery/common/experimental_features.ts b/x-pack/platform/plugins/shared/osquery/common/experimental_features.ts index 80670e28dd67b..d33ec571abc05 100644 --- a/x-pack/platform/plugins/shared/osquery/common/experimental_features.ts +++ b/x-pack/platform/plugins/shared/osquery/common/experimental_features.ts @@ -19,12 +19,12 @@ export const allowedExperimentalValues = Object.freeze({ * - Introduces search input and users filter * - Introduces scheduled responses support */ - queryHistoryRework: false, + queryHistoryRework: true, /** * Replaces the legacy EuiDataGrid results table with UnifiedDataTable, * adding KQL search, document flyout, per-row actions, and column curation. */ - unifiedDataTable: false, + unifiedDataTable: true, }); type ExperimentalFeatures = { [K in keyof typeof allowedExperimentalValues]: boolean }; diff --git a/x-pack/platform/plugins/shared/osquery/cypress/e2e/all/add_integration.cy.ts b/x-pack/platform/plugins/shared/osquery/cypress/e2e/all/add_integration.cy.ts index 7f2f5f5dc9fd9..106aea127c76e 100644 --- a/x-pack/platform/plugins/shared/osquery/cypress/e2e/all/add_integration.cy.ts +++ b/x-pack/platform/plugins/shared/osquery/cypress/e2e/all/add_integration.cy.ts @@ -147,7 +147,7 @@ describe('ALL - Add Integration', { tags: ['@ess', '@serverless'] }, () => { policyContainsIntegration(integrationName, policyName); checkDataStreamsInPolicyDetails(); cy.visit(OSQUERY); - cy.contains('Live queries history'); + cy.contains('History'); } ); }); diff --git a/x-pack/platform/plugins/shared/osquery/cypress/e2e/all/alerts_automated_action_results.cy.ts b/x-pack/platform/plugins/shared/osquery/cypress/e2e/all/alerts_automated_action_results.cy.ts index c4e8b7cf33b8c..e0f0c95263148 100644 --- a/x-pack/platform/plugins/shared/osquery/cypress/e2e/all/alerts_automated_action_results.cy.ts +++ b/x-pack/platform/plugins/shared/osquery/cypress/e2e/all/alerts_automated_action_results.cy.ts @@ -7,7 +7,7 @@ import { initializeDataViews } from '../../tasks/login'; import { cleanupRule, loadRule } from '../../tasks/api_fixtures'; -import { checkActionItemsInResults, loadRuleAlerts, navigateToRule } from '../../tasks/live_query'; +import { loadRuleAlerts, navigateToRule } from '../../tasks/live_query'; const UUID_REGEX = '[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}'; @@ -41,13 +41,9 @@ describe( cy.getBySel('securitySolutionFlyoutResponseSectionHeader').click(); cy.getBySel('securitySolutionFlyoutResponseButton').click(); cy.getBySel('responseActionsViewWrapper').should('exist'); - checkActionItemsInResults({ - lens: true, - discover: true, - cases: true, - timeline: true, - }); - cy.contains('View in Discover') + cy.getBySel('osquery-results-comment').first().should('exist'); + cy.get('[aria-label="View in Discover"]') + .first() .should('exist') .should('have.attr', 'href') .then(($href) => { @@ -66,12 +62,7 @@ describe( cy.getBySel('securitySolutionFlyoutResponseSectionHeader').click(); cy.getBySel('securitySolutionFlyoutResponseButton').click(); cy.getBySel('responseActionsViewWrapper').should('exist'); - checkActionItemsInResults({ - lens: true, - discover: true, - cases: true, - timeline: true, - }); + cy.getBySel('osquery-results-comment').first().should('exist'); cy.getBySel('osquery-results-comment') .first() .within(() => { @@ -104,21 +95,12 @@ describe( cy.getBySel('securitySolutionFlyoutResponseSectionHeader').click(); cy.getBySel('securitySolutionFlyoutResponseButton').click(); cy.getBySel('responseActionsViewWrapper').should('exist'); - checkActionItemsInResults({ - lens: true, - discover: true, - cases: true, - timeline: true, - }); cy.getBySel('osquery-results-comment') .first() .within(() => { - cy.get('.euiTableRow') - .first() - .within(() => { - cy.getBySel('add-to-timeline').click(); - }); + cy.get('[data-test-subj^="packQueriesTableKebab-"]').first().click(); }); + cy.getBySel('add-to-timeline').click(); cy.contains(timelineRegex); cy.getBySel('securitySolutionFlyoutNavigationCollapseDetailButton').click(); cy.getBySel('timeline-bottom-bar').contains('Untitled timeline').click(); diff --git a/x-pack/platform/plugins/shared/osquery/cypress/e2e/all/cases.cy.ts b/x-pack/platform/plugins/shared/osquery/cypress/e2e/all/cases.cy.ts index 00047913118c6..6b5359f63ae4b 100644 --- a/x-pack/platform/plugins/shared/osquery/cypress/e2e/all/cases.cy.ts +++ b/x-pack/platform/plugins/shared/osquery/cypress/e2e/all/cases.cy.ts @@ -7,11 +7,7 @@ import { ServerlessRoleName } from '../../support/roles'; import { initializeDataViews } from '../../tasks/login'; -import { - addLiveQueryToCase, - checkActionItemsInResults, - viewRecentCaseAndCheckResults, -} from '../../tasks/live_query'; +import { addLiveQueryToCase, viewRecentCaseAndCheckResults } from '../../tasks/live_query'; import { navigateTo } from '../../tasks/navigation'; import { loadLiveQuery, loadCase, cleanupCase } from '../../tasks/api_fixtures'; @@ -52,12 +48,6 @@ describe('Add to Cases', () => { viewRecentCaseAndCheckResults(); cy.contains(liveQueryQuery); - checkActionItemsInResults({ - lens: true, - discover: true, - cases: false, - timeline: false, - }); }); }); @@ -84,12 +74,6 @@ describe('Add to Cases', () => { viewRecentCaseAndCheckResults(); cy.contains('SELECT * FROM os_version;'); - checkActionItemsInResults({ - lens: true, - discover: true, - cases: false, - timeline: false, - }); }); }); }); diff --git a/x-pack/platform/plugins/shared/osquery/cypress/e2e/all/custom_space.cy.ts b/x-pack/platform/plugins/shared/osquery/cypress/e2e/all/custom_space.cy.ts index f8e95c64eb7e2..215c835bb7031 100644 --- a/x-pack/platform/plugins/shared/osquery/cypress/e2e/all/custom_space.cy.ts +++ b/x-pack/platform/plugins/shared/osquery/cypress/e2e/all/custom_space.cy.ts @@ -74,7 +74,7 @@ describe('ALL - Custom space', () => { }); it('Discover should be opened in new tab in results table', { tags: testSpace.tags }, () => { - cy.contains('New live query').click(); + cy.contains('Run query').click(); selectAllAgents(); inputQuery('select * from uptime;'); submitQuery(); diff --git a/x-pack/platform/plugins/shared/osquery/cypress/e2e/all/ecs_mappings.cy.ts b/x-pack/platform/plugins/shared/osquery/cypress/e2e/all/ecs_mappings.cy.ts index 4bafc3d173156..8064022080aab 100644 --- a/x-pack/platform/plugins/shared/osquery/cypress/e2e/all/ecs_mappings.cy.ts +++ b/x-pack/platform/plugins/shared/osquery/cypress/e2e/all/ecs_mappings.cy.ts @@ -25,7 +25,7 @@ describe('EcsMapping', { tags: ['@ess', '@serverless', '@skipInServerlessMKI'] } it('should properly show static values in form and results', () => { navigateTo('/app/osquery'); - cy.contains('New live query').click(); + cy.contains('Run query').click(); selectAllAgents(); inputQuery('select * from processes;'); getAdvancedButton().click(); @@ -53,7 +53,7 @@ describe('EcsMapping', { tags: ['@ess', '@serverless', '@skipInServerlessMKI'] } it('should hide and show ecs mappings on Advanced accordion click', () => { navigateTo('/app/osquery'); - cy.contains('New live query').click(); + cy.contains('Run query').click(); selectAllAgents(); cy.getBySel('savedQuerySelect').within(() => { cy.getBySel('comboBoxInput').type('processes_elastic{downArrow}{enter}'); diff --git a/x-pack/platform/plugins/shared/osquery/cypress/e2e/all/edit_saved_queries.cy.ts b/x-pack/platform/plugins/shared/osquery/cypress/e2e/all/edit_saved_queries.cy.ts index 75a720327f5ef..694bda015cab5 100644 --- a/x-pack/platform/plugins/shared/osquery/cypress/e2e/all/edit_saved_queries.cy.ts +++ b/x-pack/platform/plugins/shared/osquery/cypress/e2e/all/edit_saved_queries.cy.ts @@ -5,7 +5,7 @@ * 2.0. */ -import { customActionEditSavedQuerySelector, UPDATE_QUERY_BUTTON } from '../../screens/packs'; +import { rowActionsMenuSelector, UPDATE_QUERY_BUTTON } from '../../screens/packs'; import { navigateTo } from '../../tasks/navigation'; import { loadSavedQuery, cleanupSavedQuery } from '../../tasks/api_fixtures'; import { ServerlessRoleName } from '../../support/roles'; @@ -31,7 +31,8 @@ describe('ALL - Edit saved query', { tags: ['@ess', '@serverless'] }, () => { }); it('by changing ecs mappings and platforms', () => { - cy.get(customActionEditSavedQuerySelector(savedQueryName)).click(); + cy.get(rowActionsMenuSelector(savedQueryName)).click(); + cy.contains('Edit query').click(); cy.contains('Custom key/value pairs.').should('exist'); cy.contains('Hours of uptime').should('exist'); cy.get('[data-test-subj="ECSMappingEditorForm"]') @@ -52,7 +53,8 @@ describe('ALL - Edit saved query', { tags: ['@ess', '@serverless'] }, () => { cy.wait(5000); - cy.get(customActionEditSavedQuerySelector(savedQueryName)).click(); + cy.get(rowActionsMenuSelector(savedQueryName)).click(); + cy.contains('Edit query').click(); cy.contains('Custom key/value pairs').should('not.exist'); cy.contains('Hours of uptime').should('not.exist'); diff --git a/x-pack/platform/plugins/shared/osquery/cypress/e2e/all/live_query.cy.ts b/x-pack/platform/plugins/shared/osquery/cypress/e2e/all/live_query.cy.ts index 6b71ddfb9df89..f2be6941ea9b8 100644 --- a/x-pack/platform/plugins/shared/osquery/cypress/e2e/all/live_query.cy.ts +++ b/x-pack/platform/plugins/shared/osquery/cypress/e2e/all/live_query.cy.ts @@ -26,7 +26,7 @@ describe('ALL - Live Query', { tags: ['@ess', '@serverless'] }, () => { }); it('should validate the form', () => { - cy.contains('New live query').click(); + cy.contains('Run query').click(); submitQuery(); cy.contains('Agents is a required field'); cy.contains('Query is a required field'); @@ -58,10 +58,6 @@ describe('ALL - Live Query', { tags: ['@ess', '@serverless'] }, () => { expect(interception.response?.body.data.queries[0]).to.have.property('timeout', 890); }); checkResults(); - const firstCell = '[data-gridcell-column-index="0"][data-gridcell-row-index="0"]'; - cy.get(firstCell).should('exist'); - cy.get(firstCell).find('[data-euigrid-tab-managed="true"]').click(); - cy.url().should('include', 'app/fleet/agents/'); }); it('should run multiline query', () => { @@ -82,7 +78,7 @@ describe('ALL - Live Query', { tags: ['@ess', '@serverless'] }, () => { ' on pos.pid=p.pid{esc}{shift+enter}' + "where pos.remote_port !='0' {shift+enter}" + 'limit 1000;'; - cy.contains('New live query').click(); + cy.contains('Run query').click(); cy.getBySel(LIVE_QUERY_EDITOR).invoke('height').and('be.gt', 99).and('be.lt', 110); cy.getBySel(LIVE_QUERY_EDITOR).click().invoke('val', multilineQuery); diff --git a/x-pack/platform/plugins/shared/osquery/cypress/e2e/all/live_query_packs.cy.ts b/x-pack/platform/plugins/shared/osquery/cypress/e2e/all/live_query_packs.cy.ts index 68b5e2c8a5fa3..d77583f7e2489 100644 --- a/x-pack/platform/plugins/shared/osquery/cypress/e2e/all/live_query_packs.cy.ts +++ b/x-pack/platform/plugins/shared/osquery/cypress/e2e/all/live_query_packs.cy.ts @@ -8,7 +8,6 @@ import { navigateTo } from '../../tasks/navigation'; import { addToCase, - checkActionItemsInResults, checkResults, selectAllAgents, submitQuery, @@ -68,7 +67,7 @@ describe('ALL - Live Query Packs', { tags: ['@ess', '@serverless'] }, () => { }); it('should run live pack', () => { - cy.contains('New live query').click(); + cy.contains('Run query').click(); cy.contains('Run a set of queries in a pack.').click(); cy.getBySel(LIVE_QUERY_EDITOR).should('not.exist'); cy.getBySel('select-live-pack').click().type(`${packName}{downArrow}{enter}`); @@ -79,17 +78,11 @@ describe('ALL - Live Query Packs', { tags: ['@ess', '@serverless'] }, () => { submitQuery(); cy.getBySel('toggleIcon-system_memory_linux_elastic').click(); checkResults(); - checkActionItemsInResults({ - lens: true, - discover: true, - cases: true, - timeline: false, - }); cy.contains('Status').click(); - cy.getBySel('tableHeaderCell_status_0').should('exist'); - cy.getBySel('tableHeaderCell_fields.agent_id[0]_1').should('exist'); - cy.getBySel('tableHeaderCell__source.action_response.osquery.count_2').should('exist'); - cy.getBySel('tableHeaderCell_fields.error[0]_3').should('exist'); + cy.getBySel('dataGridHeaderCell-status').should('exist'); + cy.getBySel('dataGridHeaderCell-agent_id').should('exist'); + cy.getBySel('dataGridHeaderCell-action_response.osquery.count').should('exist'); + cy.getBySel('dataGridHeaderCell-error').should('exist'); cy.getBySel('toggleIcon-system_memory_linux_elastic').click(); cy.getBySel('toggleIcon-failingQuery').click(); diff --git a/x-pack/platform/plugins/shared/osquery/cypress/e2e/all/live_query_run.cy.ts b/x-pack/platform/plugins/shared/osquery/cypress/e2e/all/live_query_run.cy.ts index 9ea72070c4984..cbedff078697f 100644 --- a/x-pack/platform/plugins/shared/osquery/cypress/e2e/all/live_query_run.cy.ts +++ b/x-pack/platform/plugins/shared/osquery/cypress/e2e/all/live_query_run.cy.ts @@ -8,7 +8,6 @@ import { SAVED_QUERY_DROPDOWN_SELECT } from '../../screens/packs'; import { navigateTo } from '../../tasks/navigation'; import { - checkActionItemsInResults, checkResults, fillInQueryTimeout, inputQuery, @@ -18,7 +17,7 @@ import { typeInOsqueryFieldInput, verifyQueryTimeout, } from '../../tasks/live_query'; -import { LIVE_QUERY_EDITOR, RESULTS_TABLE, RESULTS_TABLE_BUTTON } from '../../screens/live_query'; +import { LIVE_QUERY_EDITOR, RESULTS_TABLE } from '../../screens/live_query'; import { getAdvancedButton } from '../../screens/integrations'; import { loadSavedQuery, cleanupSavedQuery } from '../../tasks/api_fixtures'; import { ServerlessRoleName } from '../../support/roles'; @@ -52,25 +51,16 @@ describe( it('should run query and enable ecs mapping', () => { const cmd = Cypress.platform === 'darwin' ? '{meta}{enter}' : '{ctrl}{enter}'; - cy.contains('New live query').click(); + cy.contains('Run query').click(); selectAllAgents(); inputQuery('select * from uptime;'); cy.wait(500); // checking submit by clicking cmd+enter inputQuery(cmd); checkResults(); - checkActionItemsInResults({ - lens: true, - discover: true, - cases: true, - timeline: false, + cy.getBySel(RESULTS_TABLE).within(() => { + cy.get('[data-test-subj^="dataGridHeaderCell-"]').should('have.length.greaterThan', 0); }); - cy.get( - '[data-gridcell-column-index="1"][data-test-subj="dataGridHeaderCell-osquery.days.number"]' - ).should('exist'); - cy.get( - '[data-gridcell-column-index="2"][data-test-subj="dataGridHeaderCell-osquery.hours.number"]' - ).should('exist'); getAdvancedButton().click(); typeInECSFieldInput('message{downArrow}{enter}'); @@ -79,22 +69,12 @@ describe( checkResults(); cy.getBySel(RESULTS_TABLE).within(() => { - cy.getBySel(RESULTS_TABLE_BUTTON).should('exist'); + cy.get('[data-test-subj="dataGridHeaderCell-message"]').should('exist'); }); - cy.get( - '[data-gridcell-column-index="1"][data-test-subj="dataGridHeaderCell-message"]' - ).should('exist'); - cy.get( - '[data-gridcell-column-index="2"][data-test-subj="dataGridHeaderCell-osquery.days.number"]' - ) - .should('exist') - .within(() => { - cy.get(`.euiToolTipAnchor`); - }); }); it('should run customized saved query', () => { - cy.contains('New live query').click(); + cy.contains('Run query').click(); selectAllAgents(); cy.getBySel(SAVED_QUERY_DROPDOWN_SELECT).type(`${savedQueryName}{downArrow}{enter}`); inputQuery('{selectall}{backspace}select * from users;'); @@ -111,7 +91,7 @@ describe( it('should open query details by clicking the details icon', () => { cy.get('[aria-label="Details"]').first().should('be.visible').click(); - cy.contains('Live query details'); + cy.contains('View history'); cy.contains('select * from users;'); }); } diff --git a/x-pack/platform/plugins/shared/osquery/cypress/e2e/all/packs_create_edit.cy.ts b/x-pack/platform/plugins/shared/osquery/cypress/e2e/all/packs_create_edit.cy.ts index 00cf96a25885e..d9ccac097e6f6 100644 --- a/x-pack/platform/plugins/shared/osquery/cypress/e2e/all/packs_create_edit.cy.ts +++ b/x-pack/platform/plugins/shared/osquery/cypress/e2e/all/packs_create_edit.cy.ts @@ -196,9 +196,7 @@ describe( cy.getBySel(UPDATE_PACK_BUTTON).click(); closeModalIfVisible(); - cy.contains( - 'Create packs to organize sets of queries and to schedule queries for agent policies.' - ); + cy.contains('Create pack'); const queries = { Query1: { interval: 3600, diff --git a/x-pack/platform/plugins/shared/osquery/cypress/e2e/all/packs_integration.cy.ts b/x-pack/platform/plugins/shared/osquery/cypress/e2e/all/packs_integration.cy.ts index b1f292bd79745..afa93e34b5806 100644 --- a/x-pack/platform/plugins/shared/osquery/cypress/e2e/all/packs_integration.cy.ts +++ b/x-pack/platform/plugins/shared/osquery/cypress/e2e/all/packs_integration.cy.ts @@ -162,7 +162,7 @@ describe.skip('ALL - Packs', { tags: ['@ess', '@serverless'] }, () => { it('should be able to run live prebuilt pack', () => { navigateTo('/app/osquery/live_queries'); - cy.contains('New live query').click(); + cy.contains('Run query').click(); cy.getBySel('globalLoadingIndicator').should('not.exist'); cy.contains('Run a set of queries in a pack.').click(); cy.getBySel(LIVE_QUERY_EDITOR).should('not.exist'); diff --git a/x-pack/platform/plugins/shared/osquery/cypress/e2e/all/saved_queries.cy.ts b/x-pack/platform/plugins/shared/osquery/cypress/e2e/all/saved_queries.cy.ts index 4c08ac4c21688..62e68f013ebcb 100644 --- a/x-pack/platform/plugins/shared/osquery/cypress/e2e/all/saved_queries.cy.ts +++ b/x-pack/platform/plugins/shared/osquery/cypress/e2e/all/saved_queries.cy.ts @@ -16,6 +16,7 @@ import { customActionEditSavedQuerySelector, customActionRunSavedQuerySelector, EDIT_PACK_HEADER_BUTTON, + rowActionsMenuSelector, SAVED_QUERY_DROPDOWN_SELECT, } from '../../screens/packs'; import { preparePack } from '../../tasks/packs'; @@ -71,7 +72,7 @@ describe('ALL - Saved queries', { tags: ['@ess', '@serverless'] }, () => { const suffix = generateRandomStringName(1)[0]; const savedQueryId = `Saved-Query-Id-${suffix}`; const savedQueryDescription = `Test saved query description ${suffix}`; - cy.contains('New live query').click(); + cy.contains('Run query').click(); selectAllAgents(); inputQuery(BIG_QUERY); getAdvancedButton().click(); @@ -124,10 +125,17 @@ describe('ALL - Saved queries', { tags: ['@ess', '@serverless'] }, () => { cy.getBySel('osquery-status-tab').click(); cy.get('tbody > tr.euiTableRow').should('have.lengthOf', 2); - // save new query + // save new query from the detail page cy.contains('Exit full screen').should('not.exist'); - cy.contains('Save for later').click(); - cy.contains('Save query'); + navigateTo('/app/osquery/live_queries'); + cy.get('tbody tr', { timeout: 60000 }) + .first() + .within(() => { + cy.get('[aria-label="Details"]').click(); + }); + cy.contains('Query results'); + cy.getBySel('save-query-button').should('exist').click(); + cy.getBySel('osquery-save-query-flyout').should('exist'); cy.get('input[name="id"]').type(`${savedQueryId}{downArrow}{enter}`); cy.get('input[name="description"]').type(`${savedQueryDescription}{downArrow}{enter}`); cy.getBySel('savedQueryFlyoutSaveButton').click(); @@ -143,10 +151,11 @@ describe('ALL - Saved queries', { tags: ['@ess', '@serverless'] }, () => { submitQuery(); // edit saved query - cy.contains('Saved queries').click(); + navigateTo('/app/osquery/saved_queries'); cy.contains(savedQueryId); - cy.get(`[aria-label="Edit ${savedQueryId}"]`).click(); + cy.get(rowActionsMenuSelector(savedQueryId)).click(); + cy.contains('Edit query').click(); cy.get('input[name="description"]').type(` Edited{downArrow}{enter}`); // Run in test configuration @@ -175,7 +184,8 @@ describe('ALL - Saved queries', { tags: ['@ess', '@serverless'] }, () => { // delete saved query cy.contains(savedQueryId); - cy.get(`[aria-label="Edit ${savedQueryId}"]`).click(); + cy.get(rowActionsMenuSelector(savedQueryId)).click(); + cy.contains('Edit query').click(); deleteAndConfirm('query'); cy.contains(savedQueryId).should('exist'); @@ -203,9 +213,9 @@ describe('ALL - Saved queries', { tags: ['@ess', '@serverless'] }, () => { it('shows ID must be unique error', () => { cy.intercept('GET', '**/api/osquery/saved_queries**').as('savedQueriesLoaded'); - cy.contains('Saved queries').click(); + cy.contains('Queries').click(); cy.wait('@savedQueriesLoaded'); - cy.contains('Add saved query').click(); + cy.contains('Create query').click(); cy.get('input[name="id"]').type(`${duplicateTestQueryId}{downArrow}{enter}`); cy.contains('ID must be unique').should('not.exist'); @@ -216,8 +226,8 @@ describe('ALL - Saved queries', { tags: ['@ess', '@serverless'] }, () => { }); it('checks default values on new saved query', () => { - cy.contains('Saved queries').click(); - cy.contains('Add saved query').click(); + cy.contains('Queries').click(); + cy.contains('Create query').click(); // ADD MORE FIELDS HERE cy.getBySel('resultsTypeField').within(() => { cy.contains('Snapshot'); @@ -262,7 +272,8 @@ describe('ALL - Saved queries', { tags: ['@ess', '@serverless'] }, () => { it('checks result type on prebuilt saved query', () => { // Navigate to page 2 where users_elastic is located cy.getBySel('pagination-button-1').click(); - cy.get(customActionEditSavedQuerySelector('users_elastic')).click(); + cy.get(rowActionsMenuSelector('users_elastic')).click(); + cy.contains('Edit query').click(); cy.getBySel('resultsTypeField').within(() => { cy.contains('Snapshot'); }); @@ -283,7 +294,8 @@ describe('ALL - Saved queries', { tags: ['@ess', '@serverless'] }, () => { it('user can not delete prebuilt saved query but can delete normal saved query', () => { // Navigate to page 2 where users_elastic is located cy.getBySel('pagination-button-1').click(); - cy.get(customActionEditSavedQuerySelector('users_elastic')).click(); + cy.get(rowActionsMenuSelector('users_elastic')).click(); + cy.contains('Edit query').click(); cy.contains('Delete query').should('not.exist'); navigateTo(`/app/osquery/saved_queries/${savedQueryId}`); diff --git a/x-pack/platform/plugins/shared/osquery/cypress/e2e/roles/reader.cy.ts b/x-pack/platform/plugins/shared/osquery/cypress/e2e/roles/reader.cy.ts index 00ae3d3a20421..dd62a098c2ce5 100644 --- a/x-pack/platform/plugins/shared/osquery/cypress/e2e/roles/reader.cy.ts +++ b/x-pack/platform/plugins/shared/osquery/cypress/e2e/roles/reader.cy.ts @@ -10,6 +10,7 @@ import { customActionEditSavedQuerySelector, customActionRunSavedQuerySelector, formFieldInputSelector, + rowActionsMenuSelector, } from '../../screens/packs'; import { navigateTo } from '../../tasks/navigation'; import { @@ -54,9 +55,10 @@ describe('Reader - only READ', { tags: ['@ess'] }, () => { it('should not be able to add nor run saved queries', () => { navigateTo('/app/osquery/saved_queries'); cy.contains(savedQueryName); - cy.contains('Add saved query').should('be.disabled'); + cy.contains('Create query').should('be.disabled'); cy.get(customActionRunSavedQuerySelector(savedQueryName)).should('be.disabled'); - cy.get(customActionEditSavedQuerySelector(savedQueryName)).click(); + cy.get(rowActionsMenuSelector(savedQueryName)).click(); + cy.contains('Edit query').click(); cy.get(formFieldInputSelector('id')).should('be.disabled'); cy.get(formFieldInputSelector('description')).should('be.disabled'); @@ -71,7 +73,7 @@ describe('Reader - only READ', { tags: ['@ess'] }, () => { it('should not be able to play in live queries history', () => { navigateTo('/app/osquery/live_queries'); - cy.contains('New live query').should('be.disabled'); + cy.contains('Run query').should('be.disabled'); cy.contains(liveQueryQuery); cy.get(customActionRunSavedQuerySelector(savedQueryName)).should('not.exist'); cy.get(`[aria-label="Details"]`).should('exist'); @@ -79,7 +81,7 @@ describe('Reader - only READ', { tags: ['@ess'] }, () => { it('should not be able to add nor edit packs', () => { navigateTo('/app/osquery/packs'); - cy.contains('Add pack').should('be.disabled'); + cy.contains('Create pack').should('be.disabled'); cy.getBySel('tablePaginationPopoverButton').click(); cy.getBySel('tablePagination-50-rows').click(); diff --git a/x-pack/platform/plugins/shared/osquery/cypress/e2e/roles/t1_and_t2_analyst.cy.ts b/x-pack/platform/plugins/shared/osquery/cypress/e2e/roles/t1_and_t2_analyst.cy.ts index d773f1e85edb5..1b1019a6d9639 100644 --- a/x-pack/platform/plugins/shared/osquery/cypress/e2e/roles/t1_and_t2_analyst.cy.ts +++ b/x-pack/platform/plugins/shared/osquery/cypress/e2e/roles/t1_and_t2_analyst.cy.ts @@ -57,7 +57,7 @@ describe(`T1 and T2 analysts`, { tags: ['@ess', '@serverless', '@skipInServerles it('should be able to run saved queries but not add new ones', () => { navigateTo('/app/osquery/saved_queries'); cy.contains(savedQueryName); - cy.contains('Add saved query').should('be.disabled'); + cy.contains('Create query').should('be.disabled'); cy.get(`[aria-label="Run ${savedQueryName}"]`).should('not.be.disabled'); cy.get(`[aria-label="Run ${savedQueryName}"]`).click(); @@ -75,20 +75,19 @@ describe(`T1 and T2 analysts`, { tags: ['@ess', '@serverless', '@skipInServerles it('should be able to play in live queries history', () => { navigateTo('/app/osquery/live_queries'); - cy.contains('New live query').should('not.be.disabled'); + cy.contains('Run query').should('not.be.disabled'); cy.contains(liveQueryQuery); cy.get(`[aria-label="Run query"]`).first().should('not.be.disabled'); cy.get(`[aria-label="Run query"]`).first().click(); - cy.get('[data-test-subj="savedQuerySelect"]') - .find('input') - .should('have.value', savedQueryName); + cy.contains(liveQueryQuery); + selectAllAgents(); submitQuery(); checkResults(); }); it('should be able to use saved query in a new query', () => { navigateTo('/app/osquery/live_queries'); - cy.contains('New live query').should('not.be.disabled').click(); + cy.contains('Run query').should('not.be.disabled').click(); selectAllAgents(); cy.getBySel('savedQuerySelect').type(`${savedQueryName}{downArrow} {enter}`); cy.contains('select * from uptime'); @@ -98,9 +97,7 @@ describe(`T1 and T2 analysts`, { tags: ['@ess', '@serverless', '@skipInServerles it('should not be able to add nor edit packs', () => { navigateTo('/app/osquery/packs'); - cy.getBySel('tablePaginationPopoverButton').click(); - cy.getBySel('tablePagination-50-rows').click(); - cy.contains('Add pack').should('be.disabled'); + cy.contains('Create pack').should('be.disabled'); cy.get(`[aria-label="${packName}"]`).should('be.disabled'); cy.contains(packName).click(); @@ -113,7 +110,7 @@ describe(`T1 and T2 analysts`, { tags: ['@ess', '@serverless', '@skipInServerles it('should not be able to create new liveQuery from scratch', () => { navigateTo('/app/osquery'); - cy.contains('New live query').click(); + cy.contains('Run query').click(); selectAllAgents(); cy.getBySel(LIVE_QUERY_EDITOR).should('not.exist'); submitQuery(); diff --git a/x-pack/platform/plugins/shared/osquery/cypress/screens/packs.ts b/x-pack/platform/plugins/shared/osquery/cypress/screens/packs.ts index 433871d4840a3..9ab70d1414041 100644 --- a/x-pack/platform/plugins/shared/osquery/cypress/screens/packs.ts +++ b/x-pack/platform/plugins/shared/osquery/cypress/screens/packs.ts @@ -19,6 +19,9 @@ export const FLYOUT_SAVED_QUERY_CANCEL_BUTTON = 'query-flyout-cancel-button'; export const customActionEditSavedQuerySelector = (savedQueryName: string) => `[aria-label="Edit ${savedQueryName}"]`; +export const rowActionsMenuSelector = (itemName: string) => + `[aria-label="Actions for ${itemName}"]`; + export const customActionRunSavedQuerySelector = (savedQueryName: string) => `[aria-label="Run ${savedQueryName}"]`; diff --git a/x-pack/platform/plugins/shared/osquery/cypress/tasks/live_query.ts b/x-pack/platform/plugins/shared/osquery/cypress/tasks/live_query.ts index edc16b90e03ce..5418c0859d9a0 100644 --- a/x-pack/platform/plugins/shared/osquery/cypress/tasks/live_query.ts +++ b/x-pack/platform/plugins/shared/osquery/cypress/tasks/live_query.ts @@ -161,7 +161,7 @@ export const addLiveQueryToCase = (actionId: string, caseId: string) => { cy.getBySel(`row-${actionId}`).within(() => { cy.get('[aria-label="Details"]').click(); }); - cy.contains('Live query details'); + cy.contains('View history'); addToCase(caseId); }; @@ -169,25 +169,18 @@ const casesOsqueryResultRegex = /attached Osquery results[\s]?[\d]+[\s]?second(? export const viewRecentCaseAndCheckResults = () => { cy.contains('View case').click(); cy.contains(casesOsqueryResultRegex); - checkResults(); }; export const checkActionItemsInResults = ({ - lens, - discover, - timeline, cases, }: { - discover: boolean; - lens: boolean; + discover?: boolean; + lens?: boolean; cases: boolean; - timeline: boolean; + timeline?: boolean; }) => { checkResults(); - cy.contains('View in Discover').should(discover ? 'exist' : 'not.exist'); - cy.contains('View in Lens').should(lens ? 'exist' : 'not.exist'); cy.contains('Add to Case').should(cases ? 'exist' : 'not.exist'); - cy.contains('Add to Timeline investigation').should(timeline ? 'exist' : 'not.exist'); }; export const takeOsqueryActionWithParams = () => { diff --git a/x-pack/platform/plugins/shared/osquery/public/routes/packs/list/index.tsx b/x-pack/platform/plugins/shared/osquery/public/routes/packs/list/index.tsx index 3fdaa977c0f33..817fabfdae263 100644 --- a/x-pack/platform/plugins/shared/osquery/public/routes/packs/list/index.tsx +++ b/x-pack/platform/plugins/shared/osquery/public/routes/packs/list/index.tsx @@ -17,9 +17,11 @@ import { PacksTableEmptyState } from './empty_state'; import { useAssetsStatus } from '../../../assets/use_assets_status'; import { usePacks } from '../../../packs/use_packs'; import { useIsExperimentalFeatureEnabled } from '../../../common/experimental_features_context'; +import { useKibana } from '../../../common/lib/kibana'; import { PacksTable } from './packs_table'; const PacksPageComponent = () => { + const permissions = useKibana().services.application.capabilities.osquery; const queryHistoryRework = useIsExperimentalFeatureEnabled('queryHistoryRework'); const { data: assetsData, isLoading: isLoadingAssetsStatus } = useAssetsStatus(); const { data: packsData, isLoading: isLoadingPacks } = usePacks({ @@ -31,7 +33,7 @@ const PacksPageComponent = () => { ); if (queryHistoryRework) { - if (isLoadingAssetsStatus) { + if (isLoadingAssetsStatus && permissions.writePacks) { return (
diff --git a/x-pack/platform/plugins/shared/osquery/public/routes/packs/list/packs_table.tsx b/x-pack/platform/plugins/shared/osquery/public/routes/packs/list/packs_table.tsx index 3fae988e50a2a..e51c52f966d42 100644 --- a/x-pack/platform/plugins/shared/osquery/public/routes/packs/list/packs_table.tsx +++ b/x-pack/platform/plugins/shared/osquery/public/routes/packs/list/packs_table.tsx @@ -387,6 +387,7 @@ const PacksTableComponent = ({ hasAssetsToInstall }: { hasAssetsToInstall?: bool {...newPackLinkProps} iconType="plusInCircle" isDisabled={!permissions.writePacks} + data-test-subj="add-pack-button" > { const row = mapLiveHitToRow(hit); expect(row.tags).toEqual([]); }); + + test('maps replay parameters for single query (savedQueryId, timeout, ecsMapping, agent selection)', () => { + const hit = { + _source: { + action_id: 'action-replay', + '@timestamp': '2024-01-01T00:00:00.000Z', + agent_all: true, + agent_ids: ['agent-1', 'agent-2'], + agent_platforms: ['linux', 'darwin'], + agent_policy_ids: ['policy-1'], + queries: [ + { + query: 'SELECT * FROM uptime', + id: 'q1', + agents: ['agent-1', 'agent-2'], + saved_query_id: 'saved-query-123', + timeout: 601, + ecs_mapping: { message: { field: 'days' } }, + }, + ], + }, + }; + + const row = mapLiveHitToRow(hit); + expect(row.savedQueryId).toBe('saved-query-123'); + expect(row.timeout).toBe(601); + expect(row.ecsMapping).toEqual({ message: { field: 'days' } }); + expect(row.agentIds).toEqual(['agent-1', 'agent-2']); + expect(row.agentAll).toBe(true); + expect(row.agentPlatforms).toEqual(['linux', 'darwin']); + expect(row.agentPolicyIds).toEqual(['policy-1']); + }); + + test('does not map replay parameters for pack queries', () => { + const hit = { + _source: { + action_id: 'action-pack', + '@timestamp': '2024-01-01T00:00:00.000Z', + pack_id: 'pack-1', + pack_name: 'my_pack', + queries: [ + { + query: 'SELECT 1', + id: 'q1', + agents: ['agent-1'], + saved_query_id: 'sq-1', + timeout: 300, + }, + { query: 'SELECT 2', id: 'q2', agents: ['agent-1'] }, + ], + }, + }; + + const row = mapLiveHitToRow(hit); + expect(row.savedQueryId).toBeUndefined(); + expect(row.timeout).toBeUndefined(); + expect(row.ecsMapping).toBeUndefined(); + }); });