[Security Strategy] add unit test for lastFirstSeen Search Strategy (#…

…76911) * add unit test for lastFirstSeen * fix types * fix unit test
elastic · Sep 8, 2020 · f351400 · f351400
1 parent ed5a2bd
commit f351400
Show file tree

Hide file tree

Showing 3 changed files with 138 additions and 0 deletions.
diff --git a/...server/search_strategy/security_solution/factory/hosts/last_first_seen/__mocks__/index.ts b/...server/search_strategy/security_solution/factory/hosts/last_first_seen/__mocks__/index.ts
@@ -0,0 +1,90 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { HostsQueries } from '../../../../../../../common/search_strategy';
+
+export const mockOptions = {
+ defaultIndex: [
+ 'apm-*-transaction*',
+ 'auditbeat-*',
+ 'endgame-*',
+ 'filebeat-*',
+ 'logs-*',
+ 'packetbeat-*',
+ 'winlogbeat-*',
+ ],
+ docValueFields: [],
+ factoryQueryType: HostsQueries.firstLastSeen,
+ hostName: 'siem-kibana',
+};
+
+export const mockSearchStrategyResponse = {
+ isPartial: false,
+ isRunning: false,
+ rawResponse: {
+ took: 230,
+ timed_out: false,
+ _shards: { total: 21, successful: 21, skipped: 0, failed: 0 },
+ hits: { total: -1, max_score: 0, hits: [] },
+ aggregations: {
+ lastSeen: { value: 1599554931759, value_as_string: '2020-09-08T08:48:51.759Z' },
+ firstSeen: { value: 1591611722000, value_as_string: '2020-06-08T10:22:02.000Z' },
+ },
+ },
+ total: 21,
+ loaded: 21,
+};
+
+export const formattedSearchStrategyResponse = {
+ isPartial: false,
+ isRunning: false,
+ rawResponse: {
+ took: 230,
+ timed_out: false,
+ _shards: { total: 21, successful: 21, skipped: 0, failed: 0 },
+ hits: { total: -1, max_score: 0, hits: [] },
+ aggregations: {
+ lastSeen: { value: 1599554931759, value_as_string: '2020-09-08T08:48:51.759Z' },
+ firstSeen: { value: 1591611722000, value_as_string: '2020-06-08T10:22:02.000Z' },
+ },
+ },
+ total: 21,
+ loaded: 21,
+ inspect: {
+ dsl: [
+ '{\n "allowNoIndices": true,\n "index": [\n "apm-*-transaction*",\n "auditbeat-*",\n "endgame-*",\n "filebeat-*",\n "logs-*",\n "packetbeat-*",\n "winlogbeat-*"\n ],\n "ignoreUnavailable": true,\n "body": {\n "docvalue_fields": [],\n "aggregations": {\n "firstSeen": {\n "min": {\n "field": "@timestamp"\n }\n },\n "lastSeen": {\n "max": {\n "field": "@timestamp"\n }\n }\n },\n "query": {\n "bool": {\n "filter": [\n {\n "term": {\n "host.name": "siem-kibana"\n }\n }\n ]\n }\n },\n "size": 0,\n "track_total_hits": false\n }\n}',
+ ],
+ response: [
+ '{\n "isPartial": false,\n "isRunning": false,\n "rawResponse": {\n "took": 230,\n "timed_out": false,\n "_shards": {\n "total": 21,\n "successful": 21,\n "skipped": 0,\n "failed": 0\n },\n "hits": {\n "total": -1,\n "max_score": 0,\n "hits": []\n },\n "aggregations": {\n "lastSeen": {\n "value": 1599554931759,\n "value_as_string": "2020-09-08T08:48:51.759Z"\n },\n "firstSeen": {\n "value": 1591611722000,\n "value_as_string": "2020-06-08T10:22:02.000Z"\n }\n }\n },\n "total": 21,\n "loaded": 21\n}',
+ ],
+ },
+ firstSeen: '2020-06-08T10:22:02.000Z',
+ lastSeen: '2020-09-08T08:48:51.759Z',
+};
+
+export const expectedDsl = {
+ allowNoIndices: true,
+ index: [
+ 'apm-*-transaction*',
+ 'auditbeat-*',
+ 'endgame-*',
+ 'filebeat-*',
+ 'logs-*',
+ 'packetbeat-*',
+ 'winlogbeat-*',
+ ],
+ ignoreUnavailable: true,
+ body: {
+ docvalue_fields: [],
+ aggregations: {
+ firstSeen: { min: { field: '@timestamp' } },
+ lastSeen: { max: { field: '@timestamp' } },
+ },
+ query: { bool: { filter: [{ term: { 'host.name': 'siem-kibana' } }] } },
+ size: 0,
+ track_total_hits: false,
+ },
+};
diff --git a/...tion/server/search_strategy/security_solution/factory/hosts/last_first_seen/index.test.ts b/...tion/server/search_strategy/security_solution/factory/hosts/last_first_seen/index.test.ts
@@ -0,0 +1,35 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import * as buildQuery from './query.last_first_seen_host.dsl';
+import { firstLastSeenHost } from '.';
+import {
+ mockOptions,
+ mockSearchStrategyResponse,
+ formattedSearchStrategyResponse,
+} from './__mocks__';
+
+describe('firstLastSeenHost search strategy', () => {
+ const buildFirstLastSeenHostQuery = jest.spyOn(buildQuery, 'buildFirstLastSeenHostQuery');
+
+ afterEach(() => {
+ buildFirstLastSeenHostQuery.mockClear();
+ });
+
+ describe('buildDsl', () => {
+ test('should build dsl query', () => {
+ firstLastSeenHost.buildDsl(mockOptions);
+ expect(buildFirstLastSeenHostQuery).toHaveBeenCalledWith(mockOptions);
+ });
+ });
+
+ describe('parse', () => {
+ test('should parse data correctly', async () => {
+ const result = await firstLastSeenHost.parse(mockOptions, mockSearchStrategyResponse);
+ expect(result).toMatchObject(formattedSearchStrategyResponse);
+ });
+ });
+});
diff --git a/...gy/security_solution/factory/hosts/last_first_seen/query.last_first_seen_host.dsl.test.ts b/...gy/security_solution/factory/hosts/last_first_seen/query.last_first_seen_host.dsl.test.ts
@@ -0,0 +1,13 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+import { buildFirstLastSeenHostQuery as buildQuery } from './query.last_first_seen_host.dsl';
+import { mockOptions, expectedDsl } from './__mocks__';
+
+describe('buildQuery', () => {
+ test('build query from options correctly', () => {
+ expect(buildQuery(mockOptions)).toEqual(expectedDsl);
+ });
+});