fix cypress tests

elastic · Aug 24, 2021 · d1bdecf · d1bdecf
1 parent 68f3085
commit d1bdecf
Show file tree

Hide file tree

Showing 8 changed files with 36 additions and 33 deletions.
diff --git a/...k/plugins/security_solution/cypress/integration/detection_rules/custom_query_rule.spec.ts b/...k/plugins/security_solution/cypress/integration/detection_rules/custom_query_rule.spec.ts
@@ -13,7 +13,13 @@ import {
  getEditedRule,
  getNewOverrideRule,
 } from '../../objects/rule';
-import { ALERT_GRID_CELL, NUMBER_OF_ALERTS } from '../../screens/alerts';
+import {
+ ALERT_GRID_CELL,
+ ALERT_RISK_SCORE,
+ ALERT_RULE_NAME,
+ ALERT_SEVERITY,
+ NUMBER_OF_ALERTS,
+} from '../../screens/alerts';
 
 import {
  CUSTOM_RULES_BTN,
@@ -215,9 +221,9 @@ describe('Custom detection rules creation', () => {
  waitForAlertsToPopulate();
 
  cy.get(NUMBER_OF_ALERTS).should(($count) => expect(+$count.text().split(' ')[0]).to.be.gte(1));
- cy.get(ALERT_GRID_CELL).eq(3).contains(this.rule.name);
- cy.get(ALERT_GRID_CELL).eq(4).contains(this.rule.severity.toLowerCase());
- cy.get(ALERT_GRID_CELL).eq(5).contains(this.rule.riskScore);
+ cy.get(`${ALERT_GRID_CELL} ${ALERT_RULE_NAME}`).contains(this.rule.name);
+ cy.get(`${ALERT_GRID_CELL} ${ALERT_SEVERITY}`).contains(this.rule.severity.toLowerCase());
+ cy.get(`${ALERT_GRID_CELL} ${ALERT_RISK_SCORE}`).contains(this.rule.riskScore);
  });
 });
 

diff --git a/x-pack/plugins/security_solution/cypress/integration/detection_rules/override.spec.ts b/x-pack/plugins/security_solution/cypress/integration/detection_rules/override.spec.ts
@@ -5,7 +5,6 @@
  * 2.0.
  */
 
-import { ALERT_RISK_SCORE } from '@kbn/rule-data-utils';
 import { formatMitreAttackDescription } from '../../helpers/rules';
 import {
  getIndexPatterns,
@@ -14,7 +13,13 @@ import {
  OverrideRule,
 } from '../../objects/rule';
 
-import { NUMBER_OF_ALERTS, ALERT_GRID_CELL } from '../../screens/alerts';
+import {
+ NUMBER_OF_ALERTS,
+ ALERT_GRID_CELL,
+ ALERT_RISK_SCORE,
+ ALERT_RULE_NAME,
+ ALERT_SEVERITY,
+} from '../../screens/alerts';
 
 import {
  CUSTOM_RULES_BTN,
@@ -188,12 +193,8 @@ describe('Detection rules, override', () => {
  waitForAlertsToPopulate();
 
  cy.get(NUMBER_OF_ALERTS).should(($count) => expect(+$count.text().split(' ')[0]).to.be.gte(1));
- cy.get(ALERT_GRID_CELL).eq(3).contains('auditbeat');
- cy.get(ALERT_GRID_CELL).eq(4).contains('critical');
-
- // TODO: Is this necessary?
- // sortRiskScore();
-
- cy.get(ALERT_GRID_CELL).eq(5).contains('80');
+ cy.get(`${ALERT_GRID_CELL} ${ALERT_RULE_NAME}`).contains('auditbeat');
+ cy.get(`${ALERT_GRID_CELL} ${ALERT_SEVERITY}`).contains('critical');
+ cy.get(`${ALERT_GRID_CELL} ${ALERT_RISK_SCORE}`).contains('80');
  });
 });
diff --git a/x-pack/plugins/security_solution/cypress/integration/detection_rules/threshold_rule.spec.ts b/x-pack/plugins/security_solution/cypress/integration/detection_rules/threshold_rule.spec.ts
@@ -13,7 +13,13 @@ import {
  ThresholdRule,
 } from '../../objects/rule';
 
-import { ALERT_GRID_CELL, NUMBER_OF_ALERTS } from '../../screens/alerts';
+import {
+ ALERT_GRID_CELL,
+ ALERT_RISK_SCORE,
+ ALERT_RULE_NAME,
+ ALERT_SEVERITY,
+ NUMBER_OF_ALERTS,
+} from '../../screens/alerts';
 
 import {
  CUSTOM_RULES_BTN,
@@ -171,9 +177,9 @@ describe('Detection rules, threshold', () => {
  waitForAlertsToPopulate();
 
  cy.get(NUMBER_OF_ALERTS).should(($count) => expect(+$count.text().split(' ')[0]).to.be.lt(100));
- cy.get(ALERT_GRID_CELL).eq(3).contains(rule.name);
- cy.get(ALERT_GRID_CELL).eq(4).contains(rule.severity.toLowerCase());
- cy.get(ALERT_GRID_CELL).eq(5).contains(rule.riskScore);
+ cy.get(`${ALERT_GRID_CELL} ${ALERT_RULE_NAME}`).contains(rule.name);
+ cy.get(`${ALERT_GRID_CELL} ${ALERT_SEVERITY}`).contains(rule.severity.toLowerCase());
+ cy.get(`${ALERT_GRID_CELL} ${ALERT_RISK_SCORE}`).contains(rule.riskScore);
  });
 
  it('Preview results of keyword using "host.name"', () => {

diff --git a/...urity_solution/server/lib/detection_engine/rule_types/factories/utils/build_alert.test.ts b/...urity_solution/server/lib/detection_engine/rule_types/factories/utils/build_alert.test.ts
@@ -33,7 +33,7 @@ import {
  ALERT_ANCESTORS,
  ALERT_ORIGINAL_EVENT,
  ALERT_ORIGINAL_TIME,
-} from '../../field_maps/field_names';
+} from '../../../../../../../timelines/common/alerts';
 import { SERVER_APP_ID } from '../../../../../../common/constants';
 
 type SignalDoc = SignalSourceHit & {

diff --git a/...s/security_solution/server/lib/detection_engine/rule_types/factories/utils/build_alert.ts b/...s/security_solution/server/lib/detection_engine/rule_types/factories/utils/build_alert.ts
@@ -25,13 +25,13 @@ import {
 import { invariant } from '../../../../../../common/utils/invariant';
 import { RACAlert } from '../../types';
 import { flattenWithPrefix } from './flatten_with_prefix';
+import { SERVER_APP_ID } from '../../../../../../common/constants';
 import {
  ALERT_ANCESTORS,
  ALERT_DEPTH,
  ALERT_ORIGINAL_EVENT,
  ALERT_ORIGINAL_TIME,
-} from '../../field_maps/field_names';
-import { SERVER_APP_ID } from '../../../../../../common/constants';
+} from '../../../../../../../timelines/common/alerts';
 
 /**
  * Takes an event document and extracts the information needed for the corresponding entry in the child

diff --git a/x-pack/plugins/timelines/common/alerts/constants.ts b/x-pack/plugins/timelines/common/alerts/constants.ts
@@ -12,17 +12,6 @@ import {
 } from '@kbn/rule-data-utils';
 import { ValuesType } from 'utility-types';
 
-// TODO: Replace the below located in: x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/field_maps/field_names.ts
-
-// export const ALERT_ANCESTORS = `${ALERT_NAMESPACE}.ancestors`;
-// export const ALERT_DEPTH = `${ALERT_NAMESPACE}.depth`;
-// export const ALERT_ORIGINAL_EVENT = `${ALERT_NAMESPACE}.original_event`;
-// export const ALERT_ORIGINAL_TIME = `${ALERT_NAMESPACE}.original_time`;
-
-/**
- * This file contains the security solution specific Alert fields not contained in the @kbn/rule-data-utils package
- */
-
 // Cast to `as const` to preserve the exact string value when using as a type rather than a value
 export const ALERT_ANCESTORS = `${ALERT_NAMESPACE}.ancestors` as const;
 export const ALERT_ANCESTORS_DEPTH = `${ALERT_ANCESTORS}.depth` as const;

diff --git a/x-pack/plugins/timelines/public/hooks/use_add_to_case.ts b/x-pack/plugins/timelines/public/hooks/use_add_to_case.ts
@@ -8,7 +8,7 @@ import { get, isEmpty } from 'lodash/fp';
 import { useState, useCallback, useMemo, SyntheticEvent } from 'react';
 import { useLocation } from 'react-router-dom';
 import { useDispatch } from 'react-redux';
-import { ALERT_RULE_NAME, ALERT_RULE_UUID } from '@kbn/rule-data-utils';
+import { ALERT_RULE_NAME, ALERT_RULE_UUID, ALERT_UUID } from '@kbn/rule-data-utils';
 import { useKibana } from '../../../../../src/plugins/kibana_react/public';
 import { Case, SubCase } from '../../../cases/common';
 import { TimelinesStartServices } from '../types';
@@ -120,7 +120,7 @@ export const useAddToCase = ({
  const isAlert = useMemo(() => {
  if (event !== undefined) {
  const data = [...event.data];
- return data.some(({ field }) => field === 'kibana.alert.uuid');
+ return data.some(({ field }) => field === ALERT_UUID);
  } else {
  return false;
  }

diff --git a/x-pack/plugins/timelines/server/search_strategy/timeline/factory/events/all/constants.ts b/x-pack/plugins/timelines/server/search_strategy/timeline/factory/events/all/constants.ts
@@ -245,6 +245,7 @@ export const TIMELINE_EVENTS_FIELDS = [
  'process.executable',
  'process.title',
  'process.working_directory',
+ 'signal.rule.threshold',
  'zeek.session_id',
  'zeek.connection.local_resp',
  'zeek.connection.local_orig',