From 6639fa140fd42bbbbf0150886e1fc66dbdf5ab22 Mon Sep 17 00:00:00 2001 From: Yara Tercero Date: Thu, 14 Dec 2023 07:56:32 -0800 Subject: [PATCH] updating per PR feedback --- .../config/ess/config.base.ts | 2 +- .../package.json | 23 +- .../alerts/open_close_alerts.ts | 2 +- .../detection_engine/configs/ess.config.ts | 2 +- .../configs/serverless.config.ts | 2 +- .../rules/create_ml_rules_privileges.ts | 2 +- .../detection_engine/rules/create_rules.ts | 2 +- .../actions/configs/ess.config.ts | 2 +- .../actions/configs/serverless.config.ts | 3 +- .../alerts/configs/ess.config.ts | 2 +- .../alerts/configs/serverless.config.ts | 2 +- .../alerts/open_close_alerts.ts | 2 +- .../default_license/alerts/set_alert_tags.ts | 2 +- .../date_numeric_types/configs/ess.config.ts | 2 +- .../configs/serverless.config.ts | 2 +- .../ips/configs/ess.config.ts | 2 +- .../ips/configs/serverless.config.ts | 2 +- .../keyword/configs/ess.config.ts | 2 +- .../keyword/configs/serverless.config.ts | 2 +- .../long/configs/ess.config.ts | 2 +- .../long/configs/serverless.config.ts | 2 +- .../text/configs/ess.config.ts | 2 +- .../text/configs/serverless.config.ts | 2 +- .../workflows/configs/ess.config.ts | 3 +- .../workflows/configs/serverless.config.ts | 3 +- .../workflows/create_rule_exceptions.ts | 7 +- .../role_based_rule_exceptions_workflows.ts | 2 +- .../configs/ess.config.ts | 3 +- .../configs/serverless.config.ts | 2 +- .../configs/ess.config.ts | 2 +- .../configs/serverless.config.ts | 2 +- .../management/configs/ess.config.ts | 3 +- .../management/configs/serverless.config.ts | 3 +- .../configs/ess.config.ts | 3 +- .../configs/serverless.config.ts | 2 +- .../rule_bulk_actions/configs/ess.config.ts | 3 +- .../configs/serverless.config.ts | 3 +- .../rule_bulk_actions/perform_bulk_action.ts | 2 +- .../perform_bulk_action_ess.ts | 218 ++++++++++-------- .../rule_creation/configs/ess.config.ts | 2 +- .../configs/serverless.config.ts | 3 +- .../rule_creation/create_rules.ts | 2 +- .../rule_creation/create_rules_bulk.ts | 6 +- .../rule_creation/preview_rules.ts | 2 +- .../rule_delete/configs/ess.config.ts | 2 +- .../rule_delete/configs/serverless.config.ts | 3 +- .../rule_delete/delete_rules.ts | 2 +- .../rule_delete/delete_rules_bulk.ts | 8 +- .../rule_delete/delete_rules_bulk_legacy.ts | 2 +- .../rule_delete/delete_rules_legacy.ts | 2 +- .../configs/ess.config.ts | 3 +- .../configs/serverless.config.ts | 3 +- .../execution_logic/eql.ts | 2 +- .../execution_logic/machine_learning.ts | 2 +- .../execution_logic/new_terms.ts | 2 +- .../execution_logic/query.ts | 2 +- .../execution_logic/saved_query.ts | 2 +- .../execution_logic/threat_match.ts | 2 +- .../execution_logic/threshold.ts | 2 +- .../rule_execution_logic/timestamps.ts | 2 +- .../rule_import_export/configs/ess.config.ts | 3 +- .../configs/serverless.config.ts | 3 +- .../rule_import_export/export_rules.ts | 2 +- .../rule_import_export/export_rules_ess.ts | 48 ++-- .../rule_import_export/import_rules_ess.ts | 43 ++-- .../rule_management/configs/ess.config.ts | 2 +- .../configs/serverless.config.ts | 3 +- .../get_rule_execution_results.ts | 2 +- .../rule_patch/configs/ess.config.ts | 2 +- .../rule_patch/configs/serverless.config.ts | 3 +- .../default_license/rule_patch/patch_rules.ts | 2 +- .../rule_patch/patch_rules_bulk.ts | 37 +-- .../rule_patch/patch_rules_ess.ts | 33 +-- .../rule_read/configs/ess.config.ts | 2 +- .../rule_read/configs/serverless.config.ts | 3 +- .../default_license/rule_read/find_rules.ts | 2 +- .../rule_read/find_rules_ess.ts | 48 ++-- .../default_license/rule_read/read_rules.ts | 2 +- .../rule_read/read_rules_ess.ts | 43 ++-- .../rule_update/configs/ess.config.ts | 2 +- .../rule_update/configs/serverless.config.ts | 3 +- .../rule_update/update_rules.ts | 2 +- .../rule_update/update_rules_bulk.ts | 8 +- .../rule_update/update_rules_ess.ts | 2 +- .../telemetry/configs/ess.config.ts | 2 +- .../telemetry/configs/serverless.config.ts | 3 +- .../user_roles/configs/ess.config.ts | 2 +- .../user_roles/configs/serverless.config.ts | 3 +- .../rules/check_investigation_field_in_so.ts | 29 +++ .../detections_response/utils/rules/index.ts | 1 + .../risk_engine/configs/ess.config.ts | 2 +- .../risk_engine/configs/serverless.config.ts | 3 +- .../configs/ess.config.ts | 2 +- .../configs/serverless.config.ts | 3 +- .../lists_items/configs/ess.config.ts | 2 +- .../lists_items/configs/serverless.config.ts | 3 +- 96 files changed, 434 insertions(+), 306 deletions(-) create mode 100644 x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/check_investigation_field_in_so.ts diff --git a/x-pack/test/security_solution_api_integration/config/ess/config.base.ts b/x-pack/test/security_solution_api_integration/config/ess/config.base.ts index b7f08d5180bbe..dfba2aef32b14 100644 --- a/x-pack/test/security_solution_api_integration/config/ess/config.base.ts +++ b/x-pack/test/security_solution_api_integration/config/ess/config.base.ts @@ -51,7 +51,7 @@ export function createTestConfig(options: CreateTestConfigOptions, testFiles?: s servers, services, junit: { - reportName: 'X-Pack Detection Engine API Integration Tests', + reportName: 'X-Pack Security Solution API Integration Tests', }, esTestCluster: { ...xPackApiIntegrationTestsConfig.get('esTestCluster'), diff --git a/x-pack/test/security_solution_api_integration/package.json b/x-pack/test/security_solution_api_integration/package.json index 3c083278eedce..179c3bd3bcf2b 100644 --- a/x-pack/test/security_solution_api_integration/package.json +++ b/x-pack/test/security_solution_api_integration/package.json @@ -13,36 +13,43 @@ "run-tests:ea:default": "node ./scripts/index.js runner entity_analytics default_license", "initialize-server:lists:default": "node ./scripts/index.js server lists_and_exception_lists default_license", "run-tests:lists:default": "node ./scripts/index.js runner lists_and_exception_lists default_license", + "exception_workflows:server:serverless": "npm run initialize-server:dr:default exceptions/workflows serverless", "exception_workflows:runner:serverless": "npm run run-tests:dr:default exceptions/workflows serverless serverlessEnv", "exception_workflows:qa:serverless": "npm run run-tests:dr:default exceptions/workflows serverless qaEnv", "exception_workflows:server:ess": "npm run initialize-server:dr:default exceptions/workflows ess", "exception_workflows:runner:ess": "npm run run-tests:dr:default exceptions/workflows ess essEnv", + "exception_operators_date_numeric_types:server:serverless": "npm run initialize-server:dr:default exceptions/operators_data_types/date_numeric_types serverless", "exception_operators_date_numeric_types:runner:serverless": "npm run run-tests:dr:default exceptions/operators_data_types/date_numeric_types serverless serverlessEnv", "exception_operators_date_numeric_types:qa:serverless": "npm run run-tests:dr:default exceptions/operators_data_types/date_numeric_types serverless qaEnv", "exception_operators_date_numeric_types:server:ess": "npm run initialize-server:dr:default exceptions/operators_data_types/date_numeric_types ess", "exception_operators_date_numeric_types:runner:ess": "npm run run-tests:dr:default exceptions/operators_data_types/date_numeric_types ess essEnv", + "exception_operators_keyword:server:serverless": "npm run initialize-server:dr:default exceptions/operators_data_types/keyword serverless", "exception_operators_keyword:runner:serverless": "npm run run-tests:dr:default exceptions/operators_data_types/keyword serverless serverlessEnv", "exception_operators_keyword:qa:serverless": "npm run run-tests:dr:default exceptions/operators_data_types/keyword serverless qaEnv", "exception_operators_keyword:server:ess": "npm run initialize-server:dr:default exceptions/operators_data_types/keyword ess", "exception_operators_keyword:runner:ess": "npm run run-tests:dr:default exceptions/operators_data_types/keyword ess essEnv", + "exception_operators_ips:server:serverless": "npm run initialize-server:dr:default exceptions/operators_data_types/ips serverless", "exception_operators_ips:runner:serverless": "npm run run-tests:dr:default exceptions/operators_data_types/ips serverless serverlessEnv", "exception_operators_ips:qa:serverless": "npm run run-tests:dr:default exceptions/operators_data_types/ips serverless qaEnv", "exception_operators_ips:server:ess": "npm run initialize-server:dr:default exceptions/operators_data_types/ips ess", "exception_operators_ips:runner:ess": "npm run run-tests:dr:default exceptions/operators_data_types/ips ess essEnv", + "exception_operators_long:server:serverless": "npm run initialize-server:dr:default exceptions/operators_data_types/long serverless", "exception_operators_long:runner:serverless": "npm run run-tests:dr:default exceptions/operators_data_types/long serverless serverlessEnv", "exception_operators_long:qa:serverless": "npm run run-tests:dr:default exceptions/operators_data_types/long serverless qaEnv", "exception_operators_long:server:ess": "npm run initialize-server:dr:default exceptions/operators_data_types/long ess", "exception_operators_long:runner:ess": "npm run run-tests:dr:default exceptions/operators_data_types/long ess essEnv", + "exception_operators_text:server:serverless": "npm run initialize-server:dr:default exceptions/operators_data_types/text serverless", "exception_operators_text:runner:serverless": "npm run run-tests:dr:default exceptions/operators_data_types/text serverless serverlessEnv", "exception_operators_text:qa:serverless": "npm run run-tests:dr:default exceptions/operators_data_types/text serverless qaEnv", "exception_operators_text:server:ess": "npm run initialize-server:dr:default exceptions/operators_data_types/text ess", "exception_operators_text:runner:ess": "npm run run-tests:dr:default exceptions/operators_data_types/text ess essEnv", + "exception_operators_ips_text_array:server:serverless": "npm run initialize-server:dr:default exceptions/operators_data_types/ips_text_array serverless", "exception_operators_ips_text_array:runner:serverless": "npm run run-tests:dr:default exceptions/operators_data_types/ips_text_array serverless serverlessEnv", "exception_operators_ips_text_array:qa:serverless": "npm run run-tests:dr:default exceptions/operators_data_types/ips_text_array serverless qaEnv", @@ -54,31 +61,37 @@ "actions:qa:serverless": "npm run run-tests:dr:default actions serverless qaEnv", "actions:server:ess": "npm run initialize-server:dr:default actions ess", "actions:runner:ess": "npm run run-tests:dr:default actions ess essEnv", + "alerts:server:serverless": "npm run initialize-server:dr:default alerts serverless", "alerts:runner:serverless": "npm run run-tests:dr:default alerts serverless serverlessEnv", "alerts:qa:serverless": "npm run run-tests:dr:default alerts serverless qaEnv", "alerts:server:ess": "npm run initialize-server:dr:default alerts ess", "alerts:runner:ess": "npm run run-tests:dr:default alerts ess essEnv", + "entity_analytics:server:serverless": "npm run initialize-server:ea:default risk_engine serverless", "entity_analytics:runner:serverless": "npm run run-tests:ea:default risk_engine serverless serverlessEnv", "entity_analytics:qa:serverless": "npm run run-tests:ea:default risk_engine serverless qaEnv", "entity_analytics:server:ess": "npm run initialize-server:ea:default risk_engine ess", "entity_analytics:runner:ess": "npm run run-tests:ea:default risk_engine ess essEnv", + "prebuilt_rules_management:server:serverless": "npm run initialize-server:dr:default prebuilt_rules/management serverless", "prebuilt_rules_management:runner:serverless": "npm run run-tests:dr:default prebuilt_rules/management serverless serverlessEnv", "prebuilt_rules_management:qa:serverless": "npm run run-tests:dr:default prebuilt_rules/management serverless qaEnv", "prebuilt_rules_management:server:ess": "npm run initialize-server:dr:default prebuilt_rules/management ess", "prebuilt_rules_management:runner:ess": "npm run run-tests:dr:default prebuilt_rules/management ess essEnv", + "prebuilt_rules_bundled_prebuilt_rules_package:server:serverless": "npm run initialize-server:dr:default prebuilt_rules/bundled_prebuilt_rules_package serverless", "prebuilt_rules_bundled_prebuilt_rules_package:runner:serverless": "npm run run-tests:dr:default prebuilt_rules/bundled_prebuilt_rules_package serverless serverlessEnv", "prebuilt_rules_bundled_prebuilt_rules_package:qa:serverless": "npm run run-tests:dr:default prebuilt_rules/bundled_prebuilt_rules_package serverless qaEnv", "prebuilt_rules_bundled_prebuilt_rules_package:server:ess": "npm run initialize-server:dr:default prebuilt_rules/bundled_prebuilt_rules_package ess", "prebuilt_rules_bundled_prebuilt_rules_package:runner:ess": "npm run run-tests:dr:default prebuilt_rules/bundled_prebuilt_rules_package ess essEnv", + "prebuilt_rules_large_prebuilt_rules_package:server:serverless": "npm run initialize-server:dr:default prebuilt_rules/large_prebuilt_rules_package serverless", "prebuilt_rules_large_prebuilt_rules_package:runner:serverless": "npm run run-tests:dr:default prebuilt_rules/large_prebuilt_rules_package serverless serverlessEnv", "prebuilt_rules_large_prebuilt_rules_package:qa:serverless": "npm run run-tests:dr:default prebuilt_rules/large_prebuilt_rules_package serverless qaEnv", "prebuilt_rules_large_prebuilt_rules_package:server:ess": "npm run initialize-server:dr:default prebuilt_rules/large_prebuilt_rules_package ess", "prebuilt_rules_large_prebuilt_rules_package:runner:ess": "npm run run-tests:dr:default prebuilt_rules/large_prebuilt_rules_package ess essEnv", + "prebuilt_rules_update_prebuilt_rules_package:server:serverless": "npm run initialize-server:dr:default prebuilt_rules/update_prebuilt_rules_package serverless", "prebuilt_rules_update_prebuilt_rules_package:runner:serverless": "npm run run-tests:dr:default prebuilt_rules/update_prebuilt_rules_package serverless serverlessEnv", "prebuilt_rules_update_prebuilt_rules_package:qa:serverless": "npm run run-tests:dr:default prebuilt_rules/update_prebuilt_rules_package serverless qaEnv", @@ -151,11 +164,11 @@ "rule_read:server:ess": "npm run initialize-server:dr:default rule_read ess", "rule_read:runner:ess": "npm run run-tests:dr:default rule_read ess essEnv", - "detection_engine_basicessentionals:server:serverless": "npm run initialize-server:dr:basicEssentials detection_engine serverless", - "detection_engine_basicessentionals:runner:serverless": "npm run run-tests:dr:basicEssentials detection_engine serverless serverlessEnv", - "detection_engine_basicessentionals:qa:serverless": "npm run run-tests:dr:basicEssentials detection_engine serverless qaEnv", - "detection_engine_basicessentionals:server:ess": "npm run initialize-server:dr:basicEssentials detection_engine ess", - "detection_engine_basicessentionals:runner:ess": "npm run run-tests:dr:basicEssentials detection_engine ess essEnv", + "detection_engine:essentials:server:serverless": "npm run initialize-server:dr:essentials detection_engine serverless", + "detection_engine:essentials:runner:serverless": "npm run run-tests:dr:essentials detection_engine serverless serverlessEnv", + "detection_engine:essentials:qa:serverless": "npm run run-tests:dr:essentials detection_engine serverless qaEnv", + "detection_engine:basic:server:ess": "npm run initialize-server:dr:basic detection:engine ess", + "detection_engine:basic:runner:ess": "npm run run-tests:dr:basic detection_engine ess essEnv", "exception_lists_items:server:serverless": "npm run initialize-server:lists:default exception_lists_items serverless", "exception_lists_items:runner:serverless": "npm run run-tests:lists:default exception_lists_items serverless serverlessEnv", diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/detection_engine/alerts/open_close_alerts.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/detection_engine/alerts/open_close_alerts.ts index 4af66d1da4a93..ae9533d8d3ce2 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/detection_engine/alerts/open_close_alerts.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/detection_engine/alerts/open_close_alerts.ts @@ -34,7 +34,7 @@ export default ({ getService }: FtrProviderContext) => { const esArchiver = getService('esArchiver'); const log = getService('log'); const es = getService('es'); - // TODO: add a new service + // TODO: add a new service for loading archiver files similar to "getService('es')" const config = getService('config'); const isServerless = config.get('serverless'); const dataPathBuilder = new EsArchivePathBuilder(isServerless); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/detection_engine/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/detection_engine/configs/ess.config.ts index b980aef5f783a..7176cc1421ec6 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/detection_engine/configs/ess.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/detection_engine/configs/ess.config.ts @@ -16,7 +16,7 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { ...functionalConfig.getAll(), testFiles: [require.resolve('..')], junit: { - reportName: 'Detection Engine ESS - Basic Integration Tests', + reportName: 'Detection Engine - Integration Tests - ESS Env - Basic License', }, }; } diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/detection_engine/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/detection_engine/configs/serverless.config.ts index 8a4199ccfb44d..c920ca94da57b 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/detection_engine/configs/serverless.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/detection_engine/configs/serverless.config.ts @@ -10,6 +10,6 @@ import { createTestConfig } from '../../../../../config/serverless/config.base.e export default createTestConfig({ testFiles: [require.resolve('..')], junit: { - reportName: 'Detection Engine Serverless - Essentials Integration Tests', + reportName: 'Detection Engine - Integration Tests - Serverless Env - Essentials License ', }, }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/detection_engine/rules/create_ml_rules_privileges.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/detection_engine/rules/create_ml_rules_privileges.ts index 0b4bcea421c70..a9537d0426c01 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/detection_engine/rules/create_ml_rules_privileges.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/detection_engine/rules/create_ml_rules_privileges.ts @@ -25,7 +25,7 @@ export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); const log = getService('log'); const es = getService('es'); - // TODO: add a new service + // TODO: add a new service for loading archiver files similar to "getService('es')" const config = getService('config'); const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); const isServerless = config.get('serverless'); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/detection_engine/rules/create_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/detection_engine/rules/create_rules.ts index 6a3fff87611da..281fa37bb2d5d 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/detection_engine/rules/create_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/basic_essentials_license/detection_engine/rules/create_rules.ts @@ -30,7 +30,7 @@ export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); const log = getService('log'); const es = getService('es'); - // TODO: add a new service + // TODO: add a new service for loading archiver files similar to "getService('es')" const config = getService('config'); const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); const isServerless = config.get('serverless'); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/actions/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/actions/configs/ess.config.ts index e508918b0538d..883267119e173 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/actions/configs/ess.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/actions/configs/ess.config.ts @@ -16,7 +16,7 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { ...functionalConfig.getAll(), testFiles: [require.resolve('..')], junit: { - reportName: 'Detection Engine ESS - Actions API Integration Tests', + reportName: 'Detection Engine - Rule Actions Integration Tests - ESS Env - Trial License', }, }; } diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/actions/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/actions/configs/serverless.config.ts index ea876833ea839..22a7c56a7c434 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/actions/configs/serverless.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/actions/configs/serverless.config.ts @@ -10,6 +10,7 @@ import { createTestConfig } from '../../../../../config/serverless/config.base'; export default createTestConfig({ testFiles: [require.resolve('..')], junit: { - reportName: 'Detection Engine Serverless - Actions API Integration Tests', + reportName: + 'Detection Engine - Rule Actions Integration Tests - Serverless Env - Complete License', }, }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts/configs/ess.config.ts index 2a8468856732f..94a2ae7368534 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts/configs/ess.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts/configs/ess.config.ts @@ -16,7 +16,7 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { ...functionalConfig.getAll(), testFiles: [require.resolve('..')], junit: { - reportName: 'Detection Engine API Integration Tests - ESS - Alerts', + reportName: 'Detection Engine - Alerts Integration Tests - ESS Env - Trial License', }, }; } diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts/configs/serverless.config.ts index 9c61a18b25abc..b4d510ae05174 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts/configs/serverless.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts/configs/serverless.config.ts @@ -10,6 +10,6 @@ import { createTestConfig } from '../../../../../config/serverless/config.base'; export default createTestConfig({ testFiles: [require.resolve('..')], junit: { - reportName: 'Detection Engine API Integration Tests - Serverless - Alerts', + reportName: 'Detection Engine - Alerts Integration Tests - Serverless Env - Complete License', }, }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts/open_close_alerts.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts/open_close_alerts.ts index 20b52f7be5059..44718cc823529 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts/open_close_alerts.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts/open_close_alerts.ts @@ -44,7 +44,7 @@ export default ({ getService }: FtrProviderContext) => { const supertestWithoutAuth = getService('supertestWithoutAuth'); const log = getService('log'); const es = getService('es'); - // TODO: add a new service + // TODO: add a new service for loading archiver files similar to "getService('es')" const config = getService('config'); const isServerless = config.get('serverless'); const dataPathBuilder = new EsArchivePathBuilder(isServerless); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts/set_alert_tags.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts/set_alert_tags.ts index 15920ab3993b0..775a6da06d9d8 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts/set_alert_tags.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/alerts/set_alert_tags.ts @@ -34,7 +34,7 @@ export default ({ getService }: FtrProviderContext) => { const esArchiver = getService('esArchiver'); const log = getService('log'); const es = getService('es'); - // TODO: add a new service + // TODO: add a new service for loading archiver files similar to "getService('es')" const config = getService('config'); const isServerless = config.get('serverless'); const dataPathBuilder = new EsArchivePathBuilder(isServerless); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/date_numeric_types/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/date_numeric_types/configs/ess.config.ts index 9d03e3503a480..74bbb3e6fe9a8 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/date_numeric_types/configs/ess.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/date_numeric_types/configs/ess.config.ts @@ -17,7 +17,7 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { testFiles: [require.resolve('..')], junit: { reportName: - 'Detection Engine ESS - Exception Operators Data Types API - Date_numeric_types Integration Tests', + 'Detection Engine - Exception Operators Date & Numeric Types Integration Tests - ESS Env - Trial License', }, }; } diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/date_numeric_types/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/date_numeric_types/configs/serverless.config.ts index df64ace832d80..3e030f426d993 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/date_numeric_types/configs/serverless.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/date_numeric_types/configs/serverless.config.ts @@ -11,6 +11,6 @@ export default createTestConfig({ testFiles: [require.resolve('..')], junit: { reportName: - 'Detection Engine Serverless - Exception Operators Data Types API - Date_numeric_types Integration Tests', + 'Detection Engine - Exception Operators Date & Numeric Types Integration Tests - Serverless Env - Complete License', }, }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/ips/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/ips/configs/ess.config.ts index 114f4e628b7ac..966c0d58c57f3 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/ips/configs/ess.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/ips/configs/ess.config.ts @@ -17,7 +17,7 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { testFiles: [require.resolve('..')], junit: { reportName: - 'Detection Engine ESS - Exception Operators Data Types API- IPS Integration Tests', + 'Detection Engine - Exception Operators IP Types Integration Tests - ESS Env - Trial License', }, }; } diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/ips/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/ips/configs/serverless.config.ts index 80ec0198524b3..4ce0ff0d41059 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/ips/configs/serverless.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/ips/configs/serverless.config.ts @@ -11,6 +11,6 @@ export default createTestConfig({ testFiles: [require.resolve('..')], junit: { reportName: - 'Detection Engine Serverless - Exception Operators Data Types API- IPS API Integration Tests', + 'Detection Engine - Exception Operators IP Types Integration Tests - Serverless Env - Complete License', }, }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/keyword/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/keyword/configs/ess.config.ts index 8b19e9b0d8c6d..f58f354407f5f 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/keyword/configs/ess.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/keyword/configs/ess.config.ts @@ -17,7 +17,7 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { testFiles: [require.resolve('..')], junit: { reportName: - 'Detection Engine ESS - Exception Operators Data Types API- Keyword Integration Tests', + 'Detection Engine - Exception Operators Keyword Types Integration Tests - ESS Env - Trial License', }, }; } diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/keyword/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/keyword/configs/serverless.config.ts index 3e209f3c04e85..f5093ce32ed63 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/keyword/configs/serverless.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/keyword/configs/serverless.config.ts @@ -11,6 +11,6 @@ export default createTestConfig({ testFiles: [require.resolve('..')], junit: { reportName: - 'Detection Engine Serverless - Exception Operators Data Types API - Keyword Integration Tests', + 'Detection Engine - Exception Operators Keyword Types Integration Tests - Serverless Env - Complete License', }, }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/long/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/long/configs/ess.config.ts index 5438e929d9b22..e18b5debbcd51 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/long/configs/ess.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/long/configs/ess.config.ts @@ -17,7 +17,7 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { testFiles: [require.resolve('..')], junit: { reportName: - 'Detection Engine ESS - Exception Operators Data Types API - Long Integration Tests', + 'Detection Engine - Exception Operators Long Types Integration Tests - ESS Env - Trial License', }, }; } diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/long/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/long/configs/serverless.config.ts index 646062b09db91..735bb46a9a6b0 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/long/configs/serverless.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/long/configs/serverless.config.ts @@ -11,6 +11,6 @@ export default createTestConfig({ testFiles: [require.resolve('..')], junit: { reportName: - 'Detection Engine Serverless - Exception Operators Data Types API - Long Integration Tests', + 'Detection Engine - Exception Operators Long Types Integration Tests - Serverless Env - Complete License', }, }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/text/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/text/configs/ess.config.ts index 01bb5ebdd21eb..c9774e4f590a5 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/text/configs/ess.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/text/configs/ess.config.ts @@ -17,7 +17,7 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { testFiles: [require.resolve('..')], junit: { reportName: - 'Detection Engine ESS - - Exception Operators Data Types API - Text Integration Tests', + 'Detection Engine - Exception Operators Text Types Integration Tests - ESS Env - Trial License', }, }; } diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/text/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/text/configs/serverless.config.ts index 3c67f4c7ad06c..c7a7beb13099d 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/text/configs/serverless.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/operators_data_types/text/configs/serverless.config.ts @@ -11,6 +11,6 @@ export default createTestConfig({ testFiles: [require.resolve('..')], junit: { reportName: - 'Detection Engine Serverless - Exception Operators Data Types API - Text Integration Tests', + 'Detection Engine - Exception Operators Text Types Integration Tests - Serverless Env - Complete License', }, }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/workflows/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/workflows/configs/ess.config.ts index 4a9004910d3b5..04bc56b399b77 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/workflows/configs/ess.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/workflows/configs/ess.config.ts @@ -16,7 +16,8 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { ...functionalConfig.getAll(), testFiles: [require.resolve('..')], junit: { - reportName: 'Detection Engine ESS - Exception - Workflows API Integration Tests', + reportName: + 'Detection Engine - Exception Workflows Integration Tests - ESS Env - Trial License', }, }; } diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/workflows/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/workflows/configs/serverless.config.ts index 32e5ca5e8d061..64763286226ae 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/workflows/configs/serverless.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/workflows/configs/serverless.config.ts @@ -10,6 +10,7 @@ import { createTestConfig } from '../../../../../../config/serverless/config.bas export default createTestConfig({ testFiles: [require.resolve('..')], junit: { - reportName: 'Detection Engine Serverless - Exception - Workflows API Integration Tests', + reportName: + 'Detection Engine - Exception Workflows Integration Tests - Serverless Env - Complete License', }, }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/workflows/create_rule_exceptions.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/workflows/create_rule_exceptions.ts index 1f1e4d91d4a09..d3478b74ceb2b 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/workflows/create_rule_exceptions.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/workflows/create_rule_exceptions.ts @@ -27,6 +27,7 @@ import { getRuleSOById, createRuleThroughAlertingEndpoint, getRuleSavedObjectWithLegacyInvestigationFields, + checkInvestigationFieldSoValue, } from '../../../utils'; import { deleteAllExceptions, @@ -290,10 +291,14 @@ export default ({ getService }: FtrProviderContext) => { hits: [{ _source: ruleSO }], }, } = await getRuleSOById(es, ruleWithLegacyInvestigationField.id); + const isInvestigationFieldMigratedInSo = checkInvestigationFieldSoValue(ruleSO, { + field_names: ['client.address', 'agent.name'], + }); + expect( ruleSO?.alert.params.exceptionsList.some((list) => list.type === 'rule_default') ).to.eql(true); - expect(ruleSO?.alert.params.investigationFields).to.eql(['client.address', 'agent.name']); + expect(isInvestigationFieldMigratedInSo).to.eql(false); }); }); }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/workflows/role_based_rule_exceptions_workflows.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/workflows/role_based_rule_exceptions_workflows.ts index 870df90d3e475..fdf11a4020351 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/workflows/role_based_rule_exceptions_workflows.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/exceptions/workflows/role_based_rule_exceptions_workflows.ts @@ -73,7 +73,7 @@ export default ({ getService }: FtrProviderContext) => { const esArchiver = getService('esArchiver'); const log = getService('log'); const es = getService('es'); - // TODO: add a new service + // TODO: add a new service for loading archiver files similar to "getService('es')" const config = getService('config'); const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); const isServerless = config.get('serverless'); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/prebuilt_rules/bundled_prebuilt_rules_package/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/prebuilt_rules/bundled_prebuilt_rules_package/configs/ess.config.ts index 87c0b1b3c43d8..68bfe2e9314b0 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/prebuilt_rules/bundled_prebuilt_rules_package/configs/ess.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/prebuilt_rules/bundled_prebuilt_rules_package/configs/ess.config.ts @@ -22,7 +22,8 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { ...functionalConfig.getAll(), testFiles: [require.resolve('..')], junit: { - reportName: 'Detection Engine ESS / Bundled Prebuilt Rules Package API Integration Tests', + reportName: + 'Rules Management - Bundled Prebuilt Rules Integration Tests - ESS Env - Trial License', }, kbnTestServer: { ...functionalConfig.get('kbnTestServer'), diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/prebuilt_rules/bundled_prebuilt_rules_package/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/prebuilt_rules/bundled_prebuilt_rules_package/configs/serverless.config.ts index db6e8e11082e0..492c3c13870c6 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/prebuilt_rules/bundled_prebuilt_rules_package/configs/serverless.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/prebuilt_rules/bundled_prebuilt_rules_package/configs/serverless.config.ts @@ -16,7 +16,7 @@ export default createTestConfig({ testFiles: [require.resolve('..')], junit: { reportName: - 'Detection Engine Serverless / Bundled Prebuilte Rules Package API Integration Tests', + 'Rules Management - Bundled Prebuilt Rules Integration Tests - Serverless Env - Complete License', }, kbnTestServerArgs: [ /* Tests in this directory simulate an air-gapped environment in which the instance doesn't have access to EPR. diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/prebuilt_rules/large_prebuilt_rules_package/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/prebuilt_rules/large_prebuilt_rules_package/configs/ess.config.ts index 9b056de5b8252..2d96db1382f35 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/prebuilt_rules/large_prebuilt_rules_package/configs/ess.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/prebuilt_rules/large_prebuilt_rules_package/configs/ess.config.ts @@ -23,7 +23,7 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { testFiles: [require.resolve('..')], junit: { reportName: - 'Detection Engine ESS / Large Prebuilt Rules Package Installation API Integration Tests', + 'Rules Management - Large Prebuilt Rules Package Integration Tests - ESS Env - Trial License', }, kbnTestServer: { ...functionalConfig.get('kbnTestServer'), diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/prebuilt_rules/large_prebuilt_rules_package/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/prebuilt_rules/large_prebuilt_rules_package/configs/serverless.config.ts index 29b6ec1c4cc6c..89bd5f723a9fe 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/prebuilt_rules/large_prebuilt_rules_package/configs/serverless.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/prebuilt_rules/large_prebuilt_rules_package/configs/serverless.config.ts @@ -16,7 +16,7 @@ export default createTestConfig({ testFiles: [require.resolve('..')], junit: { reportName: - 'Detection Engine Serverless / Large Prebuilt Rules Package Installation API Integration Tests', + 'Rules Management - Large Prebuilt Rules Package Installation Integration Tests - Serverless Env - Complete License', }, kbnTestServerArgs: [ /* Tests in this directory simulate an air-gapped environment in which the instance doesn't have access to EPR. diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/prebuilt_rules/management/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/prebuilt_rules/management/configs/ess.config.ts index 7fec27a5d9276..eebdce7697d3c 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/prebuilt_rules/management/configs/ess.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/prebuilt_rules/management/configs/ess.config.ts @@ -16,7 +16,8 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { ...functionalConfig.getAll(), testFiles: [require.resolve('..')], junit: { - reportName: 'Detection Engine ESS / Prebuilt Rules Management API Integration Tests', + reportName: + 'Rules Management - Prebuilt Rules Management Integration Tests - ESS Env - Trial License', }, }; } diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/prebuilt_rules/management/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/prebuilt_rules/management/configs/serverless.config.ts index 89916d26e7a73..91836b3997774 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/prebuilt_rules/management/configs/serverless.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/prebuilt_rules/management/configs/serverless.config.ts @@ -10,6 +10,7 @@ import { createTestConfig } from '../../../../../../config/serverless/config.bas export default createTestConfig({ testFiles: [require.resolve('..')], junit: { - reportName: 'Detection Engine Serverless / Prebuilt Rules Management API Integration Tests', + reportName: + 'Rules Management - Prebuilt Rules Management Integration Tests - Serverless Env - Complete License', }, }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/prebuilt_rules/update_prebuilt_rules_package/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/prebuilt_rules/update_prebuilt_rules_package/configs/ess.config.ts index 0def0b0f17a5f..23b22b80b8573 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/prebuilt_rules/update_prebuilt_rules_package/configs/ess.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/prebuilt_rules/update_prebuilt_rules_package/configs/ess.config.ts @@ -16,7 +16,8 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { ...functionalConfig.getAll(), testFiles: [require.resolve('..')], junit: { - reportName: 'Detection Engine ESS / Update Prebuilt Rules Package - API Integration Tests', + reportName: + 'Rules Management - Update Prebuilt Rules Integration Tests - ESS Env - Trial License', }, }; } diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/prebuilt_rules/update_prebuilt_rules_package/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/prebuilt_rules/update_prebuilt_rules_package/configs/serverless.config.ts index 5f6716342c924..c05eef46de73b 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/prebuilt_rules/update_prebuilt_rules_package/configs/serverless.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/prebuilt_rules/update_prebuilt_rules_package/configs/serverless.config.ts @@ -11,6 +11,6 @@ export default createTestConfig({ testFiles: [require.resolve('..')], junit: { reportName: - 'Detection Engine Serverless / Update Prebuilt Rules Package - API Integration Tests', + 'Rules Management - Update Prebuilt Rules Integration Tests - Serverless Env - Complete License', }, }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_bulk_actions/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_bulk_actions/configs/ess.config.ts index 92303ddd2445f..1519833895210 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_bulk_actions/configs/ess.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_bulk_actions/configs/ess.config.ts @@ -16,7 +16,8 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { ...functionalConfig.getAll(), testFiles: [require.resolve('..')], junit: { - reportName: 'Rule Bulk Actions API Integration Tests - ESS - Rule bulk actions logic', + reportName: + 'Rules Management - Rule Bulk Actions Integration Tests - ESS Env - Trial License', }, }; } diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_bulk_actions/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_bulk_actions/configs/serverless.config.ts index 9e4f790d3ded7..14da93e9eb6c2 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_bulk_actions/configs/serverless.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_bulk_actions/configs/serverless.config.ts @@ -9,6 +9,7 @@ import { createTestConfig } from '../../../../../config/serverless/config.base'; export default createTestConfig({ testFiles: [require.resolve('..')], junit: { - reportName: 'Rule Bulk Actions API Integration Tests - Serverless - Rule bulk actions logic', + reportName: + 'Rules Management - Rule Bulk Actions Integration Tests - Serverless Env - Complete License', }, }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_bulk_actions/perform_bulk_action.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_bulk_actions/perform_bulk_action.ts index f7e48ac30a6eb..2c3a0570ea51a 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_bulk_actions/perform_bulk_action.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_bulk_actions/perform_bulk_action.ts @@ -43,7 +43,7 @@ export default ({ getService }: FtrProviderContext): void => { const es = getService('es'); const log = getService('log'); const esArchiver = getService('esArchiver'); - // TODO: add a new service + // TODO: add a new service for pulling kibana username, similar to getService('es') const config = getService('config'); const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_bulk_actions/perform_bulk_action_ess.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_bulk_actions/perform_bulk_action_ess.ts index 9d145dc5a7c75..bd5400810cf58 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_bulk_actions/perform_bulk_action_ess.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_bulk_actions/perform_bulk_action_ess.ts @@ -34,6 +34,7 @@ import { createRuleThroughAlertingEndpoint, getRuleSavedObjectWithLegacyInvestigationFields, getRuleSavedObjectWithLegacyInvestigationFieldsEmptyArray, + checkInvestigationFieldSoValue, } from '../../utils'; import { FtrProviderContext } from '../../../../ftr_provider_context'; @@ -469,6 +470,7 @@ export default ({ getService }: FtrProviderContext): void => { describe('legacy investigation fields', () => { let ruleWithLegacyInvestigationField: Rule; let ruleWithLegacyInvestigationFieldEmptyArray: Rule; + let ruleWithIntendedInvestigationField: RuleResponse; beforeEach(async () => { await deleteAllAlerts(supertest, log, es); @@ -482,7 +484,7 @@ export default ({ getService }: FtrProviderContext): void => { supertest, getRuleSavedObjectWithLegacyInvestigationFieldsEmptyArray() ); - await createRule(supertest, log, { + ruleWithIntendedInvestigationField = await createRule(supertest, log, { ...getSimpleRule('rule-with-investigation-field'), name: 'Test investigation fields object', investigation_fields: { field_names: ['host.name'] }, @@ -527,12 +529,14 @@ export default ({ getService }: FtrProviderContext): void => { * the SO itself is migrated to the inteded object type, or if the transformation is * happening just on the response. In this case, change should not include a migration on SO. */ - const { - hits: { - hits: [{ _source: ruleSO }], - }, - } = await getRuleSOById(es, JSON.parse(rule1).id); - expect(ruleSO?.alert?.params?.investigationFields).to.eql(['client.address', 'agent.name']); + const isInvestigationFieldMigratedInSo = checkInvestigationFieldSoValue( + undefined, + { field_names: ['client.address', 'agent.name'] }, + es, + JSON.parse(rule1).id + ); + + expect(isInvestigationFieldMigratedInSo).to.eql(false); const exportDetails = JSON.parse(exportDetailsJson); expect(exportDetails).to.eql({ @@ -617,7 +621,6 @@ export default ({ getService }: FtrProviderContext): void => { (returnedRule: RuleResponse) => returnedRule.rule_id === 'rule-with-investigation-field' ); expect(ruleWithIntendedType.investigation_fields).to.eql({ field_names: ['host.name'] }); - /** * Confirm type on SO so that it's clear in the tests whether it's expected that * the SO itself is migrated to the inteded object type, or if the transformation is @@ -628,7 +631,12 @@ export default ({ getService }: FtrProviderContext): void => { hits: [{ _source: ruleSO }], }, } = await getRuleSOById(es, ruleWithLegacyField.id); - expect(ruleSO?.alert?.params?.investigationFields).to.eql(['client.address', 'agent.name']); + + const isInvestigationFieldMigratedInSo = checkInvestigationFieldSoValue(ruleSO, { + field_names: ['client.address', 'agent.name'], + }); + + expect(isInvestigationFieldMigratedInSo).to.eql(false); expect(ruleSO?.alert?.enabled).to.eql(true); const { @@ -687,26 +695,36 @@ export default ({ getService }: FtrProviderContext): void => { * the SO itself is migrated to the inteded object type, or if the transformation is * happening just on the response. In this case, change should not include a migration on SO. */ - const { - hits: { - hits: [{ _source: ruleSO }], - }, - } = await getRuleSOById(es, ruleWithLegacyField.id); - expect(ruleSO?.alert?.params?.investigationFields).to.eql(['client.address', 'agent.name']); - - const { - hits: { - hits: [{ _source: ruleSO2 }], - }, - } = await getRuleSOById(es, ruleWithEmptyArray.id); - expect(ruleSO2?.alert?.params?.investigationFields).to.eql([]); - - const { - hits: { - hits: [{ _source: ruleSO3 }], - }, - } = await getRuleSOById(es, ruleWithIntendedType.id); - expect(ruleSO3?.alert?.params?.investigationFields).to.eql({ field_names: ['host.name'] }); + const isInvestigationFieldForRuleWithLegacyFieldMigratedInSo = + checkInvestigationFieldSoValue( + undefined, + { + field_names: ['client.address', 'agent.name'], + }, + es, + ruleWithLegacyField.id + ); + expect(isInvestigationFieldForRuleWithLegacyFieldMigratedInSo).to.eql(false); + + const isInvestigationFieldForRuleWithEmptyArraydMigratedInSo = + checkInvestigationFieldSoValue( + undefined, + { + field_names: [], + }, + es, + ruleWithEmptyArray.id + ); + expect(isInvestigationFieldForRuleWithEmptyArraydMigratedInSo).to.eql(false); + + const isInvestigationFieldForRuleWithIntendedTypeMigratedInSo = + checkInvestigationFieldSoValue( + undefined, + { field_names: ['host.name'] }, + es, + ruleWithIntendedType.id + ); + expect(isInvestigationFieldForRuleWithIntendedTypeMigratedInSo).to.eql(true); }); it('should duplicate rules with legacy investigation fields and transform field in response', async () => { @@ -750,64 +768,70 @@ export default ({ getService }: FtrProviderContext): void => { returnedRule.name === 'Test investigation fields object [Duplicate]' ); + // DUPLICATED RULES /** * Confirm type on SO so that it's clear in the tests whether it's expected that * the SO itself is migrated to the inteded object type, or if the transformation is * happening just on the response. In this case, duplicated * rules should NOT have migrated value on write. */ - const { - hits: { - hits: [{ _source: ruleSO }], - }, - } = await getRuleSOById(es, ruleWithLegacyField.id); - - expect(ruleSO?.alert?.params?.investigationFields).to.eql(['client.address', 'agent.name']); - - const { - hits: { - hits: [{ _source: ruleSO2 }], - }, - } = await getRuleSOById(es, ruleWithEmptyArray.id); - expect(ruleSO2?.alert?.params?.investigationFields).to.eql([]); - - const { - hits: { - hits: [{ _source: ruleSO3 }], - }, - } = await getRuleSOById(es, ruleWithIntendedType.id); - expect(ruleSO3?.alert?.params?.investigationFields).to.eql({ field_names: ['host.name'] }); + const isInvestigationFieldForRuleWithLegacyFieldMigratedInSo = + checkInvestigationFieldSoValue( + undefined, + { field_names: ['client.address', 'agent.name'] }, + es, + ruleWithLegacyField.id + ); + expect(isInvestigationFieldForRuleWithLegacyFieldMigratedInSo).to.eql(false); + + const isInvestigationFieldForRuleWithEmptyArrayMigratedInSo = + checkInvestigationFieldSoValue(undefined, { field_names: [] }, es, ruleWithEmptyArray.id); + expect(isInvestigationFieldForRuleWithEmptyArrayMigratedInSo).to.eql(false); + + const isInvestigationFieldForRuleWithIntendedTypeMigratedInSo = + checkInvestigationFieldSoValue( + undefined, + { field_names: ['host.name'] }, + es, + ruleWithIntendedType.id + ); + expect(isInvestigationFieldForRuleWithIntendedTypeMigratedInSo).to.eql({ + field_names: ['host.name'], + }); + // ORIGINAL RULES - rules selected to be duplicated /** * Confirm type on SO so that it's clear in the tests whether it's expected that * the SO itself is migrated to the inteded object type, or if the transformation is * happening just on the response. In this case, the original * rules selected to be duplicated should not be migrated. */ - const { - hits: { - hits: [{ _source: ruleSOOriginalLegacy }], - }, - } = await getRuleSOById(es, ruleWithLegacyInvestigationField.id); - - expect(ruleSOOriginalLegacy?.alert?.params?.investigationFields).to.eql([ - 'client.address', - 'agent.name', - ]); - - const { - hits: { - hits: [{ _source: ruleSOOriginalLegacyEmptyArray }], - }, - } = await getRuleSOById(es, ruleWithLegacyInvestigationFieldEmptyArray.id); - expect(ruleSOOriginalLegacyEmptyArray?.alert?.params?.investigationFields).to.eql([]); - - const { - hits: { - hits: [{ _source: ruleSOOriginalNoLegacy }], - }, - } = await getRuleSOById(es, ruleWithIntendedType.id); - expect(ruleSOOriginalNoLegacy?.alert?.params?.investigationFields).to.eql({ + const isInvestigationFieldForOriginalRuleWithLegacyFieldMigratedInSo = + checkInvestigationFieldSoValue( + undefined, + { field_names: ['client.address', 'agent.name'] }, + es, + ruleWithLegacyInvestigationField.id + ); + expect(isInvestigationFieldForOriginalRuleWithLegacyFieldMigratedInSo).to.eql(false); + + const isInvestigationFieldForOriginalRuleWithEmptyArrayMigratedInSo = + checkInvestigationFieldSoValue( + undefined, + { field_names: [] }, + es, + ruleWithLegacyInvestigationFieldEmptyArray.id + ); + expect(isInvestigationFieldForOriginalRuleWithEmptyArrayMigratedInSo).to.eql(false); + + const isInvestigationFieldForOriginalRuleWithIntendedTypeMigratedInSo = + checkInvestigationFieldSoValue( + undefined, + { field_names: ['host.name'] }, + es, + ruleWithIntendedInvestigationField.id + ); + expect(isInvestigationFieldForOriginalRuleWithIntendedTypeMigratedInSo).to.eql({ field_names: ['host.name'], }); }); @@ -859,26 +883,32 @@ export default ({ getService }: FtrProviderContext): void => { * the SO itself is migrated to the inteded object type, or if the transformation is * happening just on the response. In this case, change should not include a migration on SO. */ - const { - hits: { - hits: [{ _source: ruleSO }], - }, - } = await getRuleSOById(es, ruleWithLegacyInvestigationField.id); - expect(ruleSO?.alert?.params?.investigationFields).to.eql(['client.address', 'agent.name']); - - const { - hits: { - hits: [{ _source: ruleSO2 }], - }, - } = await getRuleSOById(es, ruleWithLegacyInvestigationFieldEmptyArray.id); - expect(ruleSO2?.alert?.params?.investigationFields).to.eql([]); - - const { - hits: { - hits: [{ _source: ruleSO3 }], - }, - } = await getRuleSOById(es, ruleWithIntendedType.id); - expect(ruleSO3?.alert?.params?.investigationFields).to.eql({ field_names: ['host.name'] }); + const isInvestigationFieldForRuleWithLegacyFieldMigratedInSo = + checkInvestigationFieldSoValue( + undefined, + { field_names: ['client.address', 'agent.name'] }, + es, + ruleWithLegacyInvestigationField.id + ); + expect(isInvestigationFieldForRuleWithLegacyFieldMigratedInSo).to.eql(false); + + const isInvestigationFieldForRuleWithEmptyArrayFieldMigratedInSo = + checkInvestigationFieldSoValue( + undefined, + { field_names: [] }, + es, + ruleWithLegacyInvestigationFieldEmptyArray.id + ); + expect(isInvestigationFieldForRuleWithEmptyArrayFieldMigratedInSo).to.eql(false); + + const isInvestigationFieldForRuleWithIntendedTypeMigratedInSo = + checkInvestigationFieldSoValue( + undefined, + { field_names: ['host.name'] }, + es, + ruleWithIntendedType.id + ); + expect(isInvestigationFieldForRuleWithIntendedTypeMigratedInSo).to.eql(true); }); }); }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation/configs/ess.config.ts index 4fbad71828a44..2f04f8c18d6b4 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation/configs/ess.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation/configs/ess.config.ts @@ -16,7 +16,7 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { ...functionalConfig.getAll(), testFiles: [require.resolve('..')], junit: { - reportName: 'Detection Engine ESS/ Rule creation API Integration Tests', + reportName: 'Detection Engine - Rule Creation Integration Tests - ESS Env - Trial License', }, }; } diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation/configs/serverless.config.ts index 3c214b340ab74..4a8c7d24f7b36 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation/configs/serverless.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation/configs/serverless.config.ts @@ -10,6 +10,7 @@ import { createTestConfig } from '../../../../../config/serverless/config.base'; export default createTestConfig({ testFiles: [require.resolve('..')], junit: { - reportName: 'Detection Engine Serverless/ Rule creation API Integration Tests', + reportName: + 'Detection Engine - Rule Creation Integration Tests - Serverless Env - Complete License', }, }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation/create_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation/create_rules.ts index 49ed77a4dc48e..aad42c2e4ea6c 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation/create_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation/create_rules.ts @@ -45,7 +45,7 @@ export default ({ getService }: FtrProviderContext) => { const supertestWithoutAuth = getService('supertestWithoutAuth'); const log = getService('log'); const es = getService('es'); - // TODO: add a new service + // TODO: add a new service for pulling kibana username, similar to getService('es') const config = getService('config'); const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation/create_rules_bulk.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation/create_rules_bulk.ts index aa07404205652..81d136bac6a7a 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation/create_rules_bulk.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation/create_rules_bulk.ts @@ -42,10 +42,8 @@ export default ({ getService }: FtrProviderContext): void => { const log = getService('log'); const es = getService('es'); - // Marking as ESS and brokenInServerless as it's currently exposed in both, but if this is already - // deprecated, it should cease being exposed in Serverless prior to GA, in which case this - // test would be run for ESS only. - describe('@ess @brokenInServerless @skipInQA create_rules_bulk', () => { + // See https://github.com/elastic/kibana/issues/130963 for discussion on deprecation + describe('@ess @serverless create_rules_bulk', () => { describe('deprecations', () => { afterEach(async () => { await deleteAllRules(supertest, log); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation/preview_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation/preview_rules.ts index bcfbf77ef23e1..95ba7de98eab7 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation/preview_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_creation/preview_rules.ts @@ -24,7 +24,7 @@ export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); const supertestWithoutAuth = getService('supertestWithoutAuth'); const log = getService('log'); - // TODO: add a new service + // TODO: add a new service for loading archiver files similar to "getService('es')" const config = getService('config'); const isServerless = config.get('serverless'); const dataPathBuilder = new EsArchivePathBuilder(isServerless); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_delete/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_delete/configs/ess.config.ts index 11f644695b9dc..3c8ba6dd0ba99 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_delete/configs/ess.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_delete/configs/ess.config.ts @@ -16,7 +16,7 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { ...functionalConfig.getAll(), testFiles: [require.resolve('..')], junit: { - reportName: 'Rule Management API Integration Tests - ESS - Rule Delete logic', + reportName: 'Detection Engine - Rule Deletion Integration Tests - ESS Env - Trial License', }, }; } diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_delete/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_delete/configs/serverless.config.ts index ed7c4e3d11a71..89f417d00f551 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_delete/configs/serverless.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_delete/configs/serverless.config.ts @@ -9,6 +9,7 @@ import { createTestConfig } from '../../../../../config/serverless/config.base'; export default createTestConfig({ testFiles: [require.resolve('..')], junit: { - reportName: 'Rule Management API Integration Tests - Serverless - Rule Delete logic', + reportName: + 'Detection Engine - Rule Deletion Integration Tests - Serverless Env - Complete License', }, }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_delete/delete_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_delete/delete_rules.ts index 1966ab101ab0c..ed325c15dae40 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_delete/delete_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_delete/delete_rules.ts @@ -27,7 +27,7 @@ export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); const log = getService('log'); const es = getService('es'); - // TODO: add a new service + // TODO: add a new service for pulling kibana username, similar to getService('es') const config = getService('config'); const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_delete/delete_rules_bulk.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_delete/delete_rules_bulk.ts index 10d768152ddc3..092f50022a047 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_delete/delete_rules_bulk.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_delete/delete_rules_bulk.ts @@ -32,14 +32,12 @@ export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); const log = getService('log'); const es = getService('es'); - // TODO: add a new service + // TODO: add a new service for pulling kibana username, similar to getService('es') const config = getService('config'); const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); - // Marking as ESS and brokenInServerless as it's currently exposed in both, but if this is already - // deprecated, it should cease being exposed in Serverless prior to GA, in which case this - // test would be run for ESS only. - describe('@ess @brokenInServerless @skipInQA delete_rules_bulk', () => { + // See https://github.com/elastic/kibana/issues/130963 for discussion on deprecation + describe('@ess @serverless delete_rules_bulk', () => { describe('deprecations', () => { it('should return a warning header', async () => { await createRule(supertest, log, getSimpleRule()); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_delete/delete_rules_bulk_legacy.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_delete/delete_rules_bulk_legacy.ts index 85a5814fdf732..53a8ac37e5abb 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_delete/delete_rules_bulk_legacy.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_delete/delete_rules_bulk_legacy.ts @@ -176,7 +176,7 @@ export default ({ getService }: FtrProviderContext): void => { // Test to ensure that we have exactly 0 legacy actions by querying the Alerting client REST API directly // See: https://www.elastic.co/guide/en/kibana/current/find-rules-api.html - // Note: We specifically query for both the filter of type "siem.notifications" and the "has_reference" to keep it very specific + // Note: We specifically filter for both the type "siem.notifications" and the "has_reference" field to ensure we only retrieve legacy actions const { body: bodyAfterDelete } = await supertest .get(`${BASE_ALERTING_API_PATH}/rules/_find`) .query({ diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_delete/delete_rules_legacy.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_delete/delete_rules_legacy.ts index 9db8143c6ad3c..214217cdbfe5b 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_delete/delete_rules_legacy.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_delete/delete_rules_legacy.ts @@ -27,7 +27,7 @@ export default ({ getService }: FtrProviderContext): void => { const log = getService('log'); const es = getService('es'); - describe('@ess delete_rules_legacy', () => { + describe('@ess Legacy route for deleting rules', () => { describe('deleting rules', () => { beforeEach(async () => { await createAlertsIndex(supertest, log); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_execution_logic/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_execution_logic/configs/ess.config.ts index bbf6c6c0e3f7b..392716ccea85b 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_execution_logic/configs/ess.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_execution_logic/configs/ess.config.ts @@ -16,7 +16,8 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { ...functionalConfig.getAll(), testFiles: [require.resolve('..')], junit: { - reportName: 'Detection Engine API Integration Tests - ESS - Rule Execution Logic', + reportName: + 'Detection Engine - Rule Execution Logic Integration Tests - ESS Env - Trial License', }, }; } diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_execution_logic/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_execution_logic/configs/serverless.config.ts index c01c3a74e61cf..46e50d14935b4 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_execution_logic/configs/serverless.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_execution_logic/configs/serverless.config.ts @@ -9,7 +9,8 @@ import { createTestConfig } from '../../../../../config/serverless/config.base'; export default createTestConfig({ testFiles: [require.resolve('..')], junit: { - reportName: 'Detection Engine API Integration Tests - Serverless - Rule Execution Logic', + reportName: + 'Detection Engine - Rule Execution Logic Integration Tests - Serverless Env - Complete License', }, kbnTestServerArgs: [ `--xpack.securitySolution.alertIgnoreFields=${JSON.stringify([ diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_execution_logic/execution_logic/eql.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_execution_logic/execution_logic/eql.ts index db5a924b48a05..d569a3b5bf847 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_execution_logic/execution_logic/eql.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_execution_logic/execution_logic/eql.ts @@ -46,7 +46,7 @@ export default ({ getService }: FtrProviderContext) => { const esArchiver = getService('esArchiver'); const es = getService('es'); const log = getService('log'); - // TODO: add a new service + // TODO: add a new service for loading archiver files similar to "getService('es')" const config = getService('config'); const isServerless = config.get('serverless'); const dataPathBuilder = new EsArchivePathBuilder(isServerless); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_execution_logic/execution_logic/machine_learning.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_execution_logic/execution_logic/machine_learning.ts index d58227377f116..b5bbbec462fda 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_execution_logic/execution_logic/machine_learning.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_execution_logic/execution_logic/machine_learning.ts @@ -52,7 +52,7 @@ export default ({ getService }: FtrProviderContext) => { const esArchiver = getService('esArchiver'); const es = getService('es'); const log = getService('log'); - // TODO: add a new service + // TODO: add a new service for loading archiver files similar to "getService('es')" const config = getService('config'); const isServerless = config.get('serverless'); const dataPathBuilder = new EsArchivePathBuilder(isServerless); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_execution_logic/execution_logic/new_terms.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_execution_logic/execution_logic/new_terms.ts index 8a47aeaa89bdc..a37568dbdaa23 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_execution_logic/execution_logic/new_terms.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_execution_logic/execution_logic/new_terms.ts @@ -41,7 +41,7 @@ export default ({ getService }: FtrProviderContext) => { index: 'new_terms', log, }); - // TODO: add a new service + // TODO: add a new service for loading archiver files similar to "getService('es')" const config = getService('config'); const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); const isServerless = config.get('serverless'); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_execution_logic/execution_logic/query.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_execution_logic/execution_logic/query.ts index 19c02fe389fe4..ba789dafd8d7e 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_execution_logic/execution_logic/query.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_execution_logic/execution_logic/query.ts @@ -88,7 +88,7 @@ export default ({ getService }: FtrProviderContext) => { const es = getService('es'); const log = getService('log'); const esDeleteAllIndices = getService('esDeleteAllIndices'); - // TODO: add a new service + // TODO: add a new service for loading archiver files similar to "getService('es')" const config = getService('config'); const isServerless = config.get('serverless'); const dataPathBuilder = new EsArchivePathBuilder(isServerless); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_execution_logic/execution_logic/saved_query.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_execution_logic/execution_logic/saved_query.ts index e387a2f840c41..c0a197e64f292 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_execution_logic/execution_logic/saved_query.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_execution_logic/execution_logic/saved_query.ts @@ -37,7 +37,7 @@ export default ({ getService }: FtrProviderContext) => { const esArchiver = getService('esArchiver'); const es = getService('es'); const log = getService('log'); - // TODO: add a new service + // TODO: add a new service for loading archiver files similar to "getService('es')" const config = getService('config'); const isServerless = config.get('serverless'); const dataPathBuilder = new EsArchivePathBuilder(isServerless); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_execution_logic/execution_logic/threat_match.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_execution_logic/execution_logic/threat_match.ts index 9b6c525b5e351..b94a6f0d96b17 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_execution_logic/execution_logic/threat_match.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_execution_logic/execution_logic/threat_match.ts @@ -147,7 +147,7 @@ export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); const es = getService('es'); const log = getService('log'); - // TODO: add a new service + // TODO: add a new service for loading archiver files similar to "getService('es')" const config = getService('config'); const isServerless = config.get('serverless'); const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_execution_logic/execution_logic/threshold.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_execution_logic/execution_logic/threshold.ts index 5edee29c02dc6..bca6dab46ca5e 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_execution_logic/execution_logic/threshold.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_execution_logic/execution_logic/threshold.ts @@ -39,7 +39,7 @@ export default ({ getService }: FtrProviderContext) => { const esArchiver = getService('esArchiver'); const es = getService('es'); const log = getService('log'); - // TODO: add a new service + // TODO: add a new service for loading archiver files similar to "getService('es')" const config = getService('config'); const isServerless = config.get('serverless'); const dataPathBuilder = new EsArchivePathBuilder(isServerless); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_execution_logic/timestamps.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_execution_logic/timestamps.ts index d7c645c115082..2a51b1da2e444 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_execution_logic/timestamps.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_execution_logic/timestamps.ts @@ -35,7 +35,7 @@ export default ({ getService }: FtrProviderContext) => { const esArchiver = getService('esArchiver'); const es = getService('es'); const log = getService('log'); - // TODO: add a new service + // TODO: add a new service for loading archiver files similar to "getService('es')" const config = getService('config'); const isServerless = config.get('serverless'); const dataPathBuilder = new EsArchivePathBuilder(isServerless); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_import_export/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_import_export/configs/ess.config.ts index 0221afa650a09..ee0cff6c55b86 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_import_export/configs/ess.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_import_export/configs/ess.config.ts @@ -16,7 +16,8 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { ...functionalConfig.getAll(), testFiles: [require.resolve('..')], junit: { - reportName: 'Rule Management API Integration Tests - ESS - Rule Import and Export logic', + reportName: + 'Rules Management - Rule Import And Export Integration Tests - ESS Env - Trial License', }, }; } diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_import_export/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_import_export/configs/serverless.config.ts index 5be8cda08a16d..5d9fdbac927df 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_import_export/configs/serverless.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_import_export/configs/serverless.config.ts @@ -9,6 +9,7 @@ import { createTestConfig } from '../../../../../config/serverless/config.base'; export default createTestConfig({ testFiles: [require.resolve('..')], junit: { - reportName: 'Rule Management API Integration Tests - Serverless - Rule Import and Export logic', + reportName: + 'Rules Management - Rule Import And Export Integration Tests - Serverless Env - Complete License', }, }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_import_export/export_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_import_export/export_rules.ts index bde3148c84320..42ec2a27c5d7f 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_import_export/export_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_import_export/export_rules.ts @@ -28,7 +28,7 @@ export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); const log = getService('log'); const es = getService('es'); - // TODO: add a new service + // TODO: add a new service for pulling kibana username, similar to getService('es') const config = getService('config'); const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_import_export/export_rules_ess.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_import_export/export_rules_ess.ts index 0a58efd57359f..6ccf182967acc 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_import_export/export_rules_ess.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_import_export/export_rules_ess.ts @@ -26,9 +26,9 @@ import { removeServerGeneratedProperties, getRuleSavedObjectWithLegacyInvestigationFields, getRuleSavedObjectWithLegacyInvestigationFieldsEmptyArray, - getRuleSOById, updateUsername, createRuleThroughAlertingEndpoint, + checkInvestigationFieldSoValue, } from '../../utils'; import { FtrProviderContext } from '../../../../ftr_provider_context'; @@ -36,7 +36,7 @@ export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); const log = getService('log'); const es = getService('es'); - // TODO: add a new service + // TODO: add a new service for pulling kibana username, similar to getService('es') const config = getService('config'); const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); @@ -417,21 +417,20 @@ export default ({ getService }: FtrProviderContext): void => { expect(exportedRule.investigation_fields).toEqual({ field_names: ['client.address', 'agent.name'], }); + /** * Confirm type on SO so that it's clear in the tests whether it's expected that * the SO itself is migrated to the inteded object type, or if the transformation is * happening just on the response. In this case, change should * NOT include a migration on SO. */ - const { - hits: { - hits: [{ _source: ruleSO }], - }, - } = await getRuleSOById(es, ruleWithLegacyInvestigationField.id); - expect(ruleSO?.alert?.params?.investigationFields).toEqual([ - 'client.address', - 'agent.name', - ]); + const isInvestigationFieldMigratedInSo = checkInvestigationFieldSoValue( + undefined, + { field_names: ['client.address', 'agent.name'] }, + es, + ruleWithLegacyInvestigationField.id + ); + expect(isInvestigationFieldMigratedInSo).toEqual(false); }); it('exports a rule that has a legacy investigation field set to empty array and unsets field in response', async () => { @@ -455,12 +454,13 @@ export default ({ getService }: FtrProviderContext): void => { * happening just on the response. In this case, change should * NOT include a migration on SO. */ - const { - hits: { - hits: [{ _source: ruleSO }], - }, - } = await getRuleSOById(es, ruleWithLegacyInvestigationFieldEmptyArray.id); - expect(ruleSO?.alert?.params?.investigationFields).toEqual([]); + const isInvestigationFieldMigratedInSo = checkInvestigationFieldSoValue( + undefined, + { field_names: [] }, + es, + ruleWithLegacyInvestigationFieldEmptyArray.id + ); + expect(isInvestigationFieldMigratedInSo).toEqual(false); }); it('exports rule with investigation fields as intended object type', async () => { @@ -484,12 +484,14 @@ export default ({ getService }: FtrProviderContext): void => { * the SO itself is migrated to the inteded object type, or if the transformation is * happening just on the response. In this case, change should * NOT include a migration on SO. - */ const { - hits: { - hits: [{ _source: ruleSO }], - }, - } = await getRuleSOById(es, exportedRule.id); - expect(ruleSO?.alert?.params?.investigationFields).toEqual({ field_names: ['host.name'] }); + */ + const isInvestigationFieldMigratedInSo = checkInvestigationFieldSoValue( + undefined, + { field_names: ['host.name'] }, + es, + exportedRule.id + ); + expect(isInvestigationFieldMigratedInSo).toEqual(true); }); }); }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_import_export/import_rules_ess.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_import_export/import_rules_ess.ts index aaeb01904e066..bc49bb20d1f69 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_import_export/import_rules_ess.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_import_export/import_rules_ess.ts @@ -22,9 +22,9 @@ import { getLegacyActionSO, createRule, fetchRule, - getRuleSOById, getWebHookAction, getSimpleRuleAsNdjson, + checkInvestigationFieldSoValue, } from '../../utils'; import { createUserAndRole, @@ -308,18 +308,20 @@ export default ({ getService }: FtrProviderContext): void => { const rule = await fetchRule(supertest, { ruleId: 'rule-1' }); expect(rule.investigation_fields).to.eql({ field_names: ['foo', 'bar'] }); + /** * Confirm type on SO so that it's clear in the tests whether it's expected that * the SO itself is migrated to the inteded object type, or if the transformation is * happening just on the response. In this case, change should * include a migration on SO. */ - const { - hits: { - hits: [{ _source: ruleSO }], - }, - } = await getRuleSOById(es, rule.id); - expect(ruleSO?.alert?.params?.investigationFields).to.eql({ field_names: ['foo', 'bar'] }); + const isInvestigationFieldMigratedInSo = checkInvestigationFieldSoValue( + undefined, + { field_names: ['foo', 'bar'] }, + es, + rule.id + ); + expect(isInvestigationFieldMigratedInSo).to.eql(true); }); it('imports rule with investigation fields as empty array', async () => { @@ -342,18 +344,20 @@ export default ({ getService }: FtrProviderContext): void => { const rule = await fetchRule(supertest, { ruleId: 'rule-1' }); expect(rule.investigation_fields).to.eql(undefined); + /** * Confirm type on SO so that it's clear in the tests whether it's expected that * the SO itself is migrated to the inteded object type, or if the transformation is * happening just on the response. In this case, change should * include a migration on SO. */ - const { - hits: { - hits: [{ _source: ruleSO }], - }, - } = await getRuleSOById(es, rule.id); - expect(ruleSO?.alert?.params?.investigationFields).to.eql(undefined); + const isInvestigationFieldMigratedInSo = checkInvestigationFieldSoValue( + undefined, + undefined, + es, + rule.id + ); + expect(isInvestigationFieldMigratedInSo).to.eql(true); }); it('imports rule with investigation fields as intended object type', async () => { @@ -381,12 +385,13 @@ export default ({ getService }: FtrProviderContext): void => { * happening just on the response. In this case, change should * include a migration on SO. */ - const { - hits: { - hits: [{ _source: ruleSO }], - }, - } = await getRuleSOById(es, rule.id); - expect(ruleSO?.alert?.params?.investigationFields).to.eql({ field_names: ['foo'] }); + const isInvestigationFieldIntendedTypeInSo = checkInvestigationFieldSoValue( + undefined, + { field_names: ['foo'] }, + es, + rule.id + ); + expect(isInvestigationFieldIntendedTypeInSo).to.eql(true); }); }); }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_management/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_management/configs/ess.config.ts index 94ea13264eaab..978d5f2268dee 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_management/configs/ess.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_management/configs/ess.config.ts @@ -16,7 +16,7 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { ...functionalConfig.getAll(), testFiles: [require.resolve('..')], junit: { - reportName: 'Rule Management API Integration Tests - ESS - Rule management logic', + reportName: 'Rules Management - Rule Management Integration Tests - ESS Env - Trial License', }, }; } diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_management/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_management/configs/serverless.config.ts index 0f86bfe4d5ebb..86c288c6dacea 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_management/configs/serverless.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_management/configs/serverless.config.ts @@ -9,6 +9,7 @@ import { createTestConfig } from '../../../../../config/serverless/config.base'; export default createTestConfig({ testFiles: [require.resolve('..')], junit: { - reportName: 'Rule Management API Integration Tests - Serverless - Rule management logic', + reportName: + 'Rules Management - Rule Management Integration Tests - Serverless Env - Complete License', }, }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_management/get_rule_execution_results.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_management/get_rule_execution_results.ts index 3463518a51af4..a45636b08ea0d 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_management/get_rule_execution_results.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_management/get_rule_execution_results.ts @@ -41,7 +41,7 @@ export default ({ getService }: FtrProviderContext) => { const esArchiver = getService('esArchiver'); const es = getService('es'); const log = getService('log'); - // TODO: add a new service + // TODO: add a new service for loading archiver files similar to "getService('es')" const config = getService('config'); const isServerless = config.get('serverless'); const dataPathBuilder = new EsArchivePathBuilder(isServerless); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_patch/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_patch/configs/ess.config.ts index f8c742a881ded..30b7daf5d02b3 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_patch/configs/ess.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_patch/configs/ess.config.ts @@ -16,7 +16,7 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { ...functionalConfig.getAll(), testFiles: [require.resolve('..')], junit: { - reportName: 'Rule Management API Integration Tests - ESS - Rule Patch logic', + reportName: 'Detection Engine - Rule Patch Integration Tests - ESS Env - Trial License', }, }; } diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_patch/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_patch/configs/serverless.config.ts index 7ed12808c452e..e95130ab73891 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_patch/configs/serverless.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_patch/configs/serverless.config.ts @@ -9,6 +9,7 @@ import { createTestConfig } from '../../../../../config/serverless/config.base'; export default createTestConfig({ testFiles: [require.resolve('..')], junit: { - reportName: 'Rule Management API Integration Tests - Serverless - Rule Patch logic', + reportName: + 'Detection Engine - Rule Patch Integration Tests - Serverless Env - Complete License', }, }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_patch/patch_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_patch/patch_rules.ts index d267e6398eca0..43abe1c3b591b 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_patch/patch_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_patch/patch_rules.ts @@ -41,7 +41,7 @@ export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); const log = getService('log'); const es = getService('es'); - // TODO: add a new service + // TODO: add a new service for pulling kibana username, similar to getService('es') const config = getService('config'); const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_patch/patch_rules_bulk.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_patch/patch_rules_bulk.ts index 0bf1bd43ab99c..9e3b29b8ac913 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_patch/patch_rules_bulk.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_patch/patch_rules_bulk.ts @@ -29,6 +29,7 @@ import { createRuleThroughAlertingEndpoint, getRuleSavedObjectWithLegacyInvestigationFieldsEmptyArray, getRuleSavedObjectWithLegacyInvestigationFields, + checkInvestigationFieldSoValue, } from '../../utils'; import { FtrProviderContext } from '../../../../ftr_provider_context'; @@ -36,14 +37,12 @@ export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); const log = getService('log'); const es = getService('es'); - // TODO: add a new service + // TODO: add a new service for pulling kibana username, similar to getService('es') const config = getService('config'); const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); - // Marking as ESS and brokenInServerless as it's currently exposed in both, but if this is already - // deprecated, it should cease being exposed in Serverless prior to GA, in which case this - // test would be run for ESS only. - describe('@ess @brokenInServerless @skipInQA patch_rules_bulk', () => { + // See https://github.com/elastic/kibana/issues/130963 for discussion on deprecation + describe('@ess @serverless patch_rules_bulk', () => { describe('deprecations', () => { afterEach(async () => { await deleteAllRules(supertest, log); @@ -588,18 +587,20 @@ export default ({ getService }: FtrProviderContext) => { field_names: ['client.address', 'agent.name'], }); expect(bodyToCompareLegacyField.name).to.eql('some other name'); + /** * Confirm type on SO so that it's clear in the tests whether it's expected that * the SO itself is migrated to the inteded object type, or if the transformation is * happening just on the response. In this case, change should * NOT include a migration on SO. */ - const { - hits: { - hits: [{ _source: ruleSO }], - }, - } = await getRuleSOById(es, body[0].id); - expect(ruleSO?.alert?.params?.investigationFields).to.eql(['client.address', 'agent.name']); + const isInvestigationFieldMigratedInSo = checkInvestigationFieldSoValue( + undefined, + { field_names: ['client.address', 'agent.name'] }, + es, + body[0].id + ); + expect(isInvestigationFieldMigratedInSo).to.eql(false); }); it('should patch a rule with a legacy investigation field - empty array - and transform field in response', async () => { @@ -619,18 +620,20 @@ export default ({ getService }: FtrProviderContext) => { const bodyToCompareLegacyFieldEmptyArray = removeServerGeneratedProperties(body[0]); expect(bodyToCompareLegacyFieldEmptyArray.investigation_fields).to.eql(undefined); expect(bodyToCompareLegacyFieldEmptyArray.name).to.eql('some other name 2'); + /** * Confirm type on SO so that it's clear in the tests whether it's expected that * the SO itself is migrated to the inteded object type, or if the transformation is * happening just on the response. In this case, change should * NOT include a migration on SO. */ - const { - hits: { - hits: [{ _source: ruleSO }], - }, - } = await getRuleSOById(es, body[0].id); - expect(ruleSO?.alert?.params?.investigationFields).to.eql([]); + const isInvestigationFieldMigratedInSo = checkInvestigationFieldSoValue( + undefined, + { field_names: [] }, + es, + body[0].id + ); + expect(isInvestigationFieldMigratedInSo).to.eql(false); }); it('should patch a rule with an investigation field', async () => { diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_patch/patch_rules_ess.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_patch/patch_rules_ess.ts index 06b530c113352..0ea1bbe6846bd 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_patch/patch_rules_ess.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_patch/patch_rules_ess.ts @@ -16,7 +16,6 @@ import { deleteAllRules, deleteAllAlerts, removeServerGeneratedProperties, - getRuleSOById, createRuleThroughAlertingEndpoint, getRuleSavedObjectWithLegacyInvestigationFields, getRuleSavedObjectWithLegacyInvestigationFieldsEmptyArray, @@ -26,6 +25,7 @@ import { updateUsername, createLegacyRuleAction, getSimpleRule, + checkInvestigationFieldSoValue, } from '../../utils'; import { FtrProviderContext } from '../../../../ftr_provider_context'; @@ -33,7 +33,7 @@ export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); const log = getService('log'); const es = getService('es'); - // TODO: add a new service + // TODO: add a new service for pulling kibana username, similar to getService('es') const config = getService('config'); const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); @@ -158,15 +158,15 @@ export default ({ getService }: FtrProviderContext) => { * happening just on the response. In this case, change should * NOT include a migration on SO. */ - const { - hits: { - hits: [{ _source: ruleSO }], + const isInvestigationFieldMigratedInSo = checkInvestigationFieldSoValue( + undefined, + { + field_names: ['client.address', 'agent.name'], }, - } = await getRuleSOById(es, body.id); - expect(ruleSO?.alert?.params?.investigationFields).to.eql([ - 'client.address', - 'agent.name', - ]); + es, + body.id + ); + expect(isInvestigationFieldMigratedInSo).to.eql(false); }); it('should patch a rule with a legacy investigation field - empty array - and transform response', async () => { @@ -188,12 +188,15 @@ export default ({ getService }: FtrProviderContext) => { * happening just on the response. In this case, change should * NOT include a migration on SO. */ - const { - hits: { - hits: [{ _source: ruleSO }], + const isInvestigationFieldMigratedInSo = checkInvestigationFieldSoValue( + undefined, + { + field_names: [], }, - } = await getRuleSOById(es, body.id); - expect(ruleSO?.alert?.params?.investigationFields).to.eql([]); + es, + body.id + ); + expect(isInvestigationFieldMigratedInSo).to.eql(false); }); }); }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_read/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_read/configs/ess.config.ts index 5c1925861aa39..9d0830b927c6e 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_read/configs/ess.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_read/configs/ess.config.ts @@ -16,7 +16,7 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { ...functionalConfig.getAll(), testFiles: [require.resolve('..')], junit: { - reportName: 'Rule Management API Integration Tests - ESS - Rule Read logic', + reportName: 'Rules Management - Rule Read Integration Tests - ESS Env - Trial License', }, }; } diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_read/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_read/configs/serverless.config.ts index 81c0e71881466..853ffc6443890 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_read/configs/serverless.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_read/configs/serverless.config.ts @@ -9,6 +9,7 @@ import { createTestConfig } from '../../../../../config/serverless/config.base'; export default createTestConfig({ testFiles: [require.resolve('..')], junit: { - reportName: 'Rule Management API Integration Tests - Serverless - Rule Read logic', + reportName: + 'Rules Management - Rule Read Integration Tests - Serverless Env - Complete License', }, }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_read/find_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_read/find_rules.ts index 8c8804bc59c68..4a9740358e928 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_read/find_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_read/find_rules.ts @@ -27,7 +27,7 @@ import { FtrProviderContext } from '../../../../ftr_provider_context'; export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); const log = getService('log'); - // TODO: add a new service + // TODO: add a new service for pulling kibana username, similar to getService('es') const config = getService('config'); const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_read/find_rules_ess.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_read/find_rules_ess.ts index 9b380d3a0a40a..88bedfb459513 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_read/find_rules_ess.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_read/find_rules_ess.ts @@ -18,7 +18,6 @@ import { createRule, createRuleThroughAlertingEndpoint, deleteAllRules, - getRuleSOById, getSimpleRule, getSimpleRuleOutput, getWebHookAction, @@ -26,6 +25,7 @@ import { removeServerGeneratedProperties, getRuleSavedObjectWithLegacyInvestigationFields, getRuleSavedObjectWithLegacyInvestigationFieldsEmptyArray, + checkInvestigationFieldSoValue, } from '../../utils'; import { FtrProviderContext } from '../../../../ftr_provider_context'; @@ -33,7 +33,7 @@ export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); const log = getService('log'); const es = getService('es'); - // TODO: add a new service + // TODO: add a new service for pulling kibana username, similar to getService('es') const config = getService('config'); const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); @@ -171,24 +171,36 @@ export default ({ getService }: FtrProviderContext): void => { * happening just on the response. In this case, change should * NOT include a migration on SO. */ - const { - hits: { - hits: [{ _source: ruleSO }], + const isInvestigationFieldMigratedInSo = checkInvestigationFieldSoValue( + undefined, + { + field_names: ['client.address', 'agent.name'], }, - } = await getRuleSOById(es, ruleWithLegacyInvestigationField.id); - expect(ruleSO?.alert?.params?.investigationFields).to.eql(['client.address', 'agent.name']); - const { - hits: { - hits: [{ _source: ruleSO2 }], - }, - } = await getRuleSOById(es, ruleWithLegacyInvestigationFieldEmptyArray.id); - expect(ruleSO2?.alert?.params?.investigationFields).to.eql([]); - const { - hits: { - hits: [{ _source: ruleSO3 }], + es, + ruleWithLegacyInvestigationField.id + ); + expect(isInvestigationFieldMigratedInSo).to.eql(false); + + const isInvestigationFieldMigratedInSoForRuleWithEmptyArray = + checkInvestigationFieldSoValue( + undefined, + { + field_names: [], + }, + es, + ruleWithLegacyInvestigationFieldEmptyArray.id + ); + expect(isInvestigationFieldMigratedInSoForRuleWithEmptyArray).to.eql(false); + + const isInvestigationFieldSoExpectedType = checkInvestigationFieldSoValue( + undefined, + { + field_names: ['host.name'], }, - } = await getRuleSOById(es, ruleWithExpectedTyping.id); - expect(ruleSO3?.alert?.params?.investigationFields).to.eql({ field_names: ['host.name'] }); + es, + ruleWithExpectedTyping.id + ); + expect(isInvestigationFieldSoExpectedType).to.eql(true); }); }); }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_read/read_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_read/read_rules.ts index a26c3dba358c5..d7a4ba65b98da 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_read/read_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_read/read_rules.ts @@ -27,7 +27,7 @@ export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); const log = getService('log'); const es = getService('es'); - // TODO: add a new service + // TODO: add a new service for pulling kibana username, similar to getService('es') const config = getService('config'); const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_read/read_rules_ess.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_read/read_rules_ess.ts index dcbaf8b10615e..d5ce4c08b19ab 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_read/read_rules_ess.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_read/read_rules_ess.ts @@ -21,11 +21,11 @@ import { getSimpleRuleOutput, getWebHookAction, removeServerGeneratedProperties, - getRuleSOById, updateUsername, getRuleSavedObjectWithLegacyInvestigationFields, createRuleThroughAlertingEndpoint, getRuleSavedObjectWithLegacyInvestigationFieldsEmptyArray, + checkInvestigationFieldSoValue, } from '../../utils'; import { FtrProviderContext } from '../../../../ftr_provider_context'; @@ -33,7 +33,7 @@ export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); const log = getService('log'); const es = getService('es'); - // TODO: add a new service + // TODO: add a new service for pulling kibana username, similar to getService('es') const config = getService('config'); const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); @@ -164,12 +164,15 @@ export default ({ getService }: FtrProviderContext) => { * happening just on the response. In this case, change should * just be a transform on read, not a migration on SO. */ - const { - hits: { - hits: [{ _source: ruleSO }], + const isInvestigationFieldMigratedInSo = checkInvestigationFieldSoValue( + undefined, + { + field_names: ['client.address', 'agent.name'], }, - } = await getRuleSOById(es, body.id); - expect(ruleSO?.alert?.params?.investigationFields).to.eql(['client.address', 'agent.name']); + es, + body.id + ); + expect(isInvestigationFieldMigratedInSo).to.eql(false); }); it('should be able to read a rule with a legacy investigation field - empty array', async () => { @@ -190,12 +193,15 @@ export default ({ getService }: FtrProviderContext) => { * happening just on the response. In this case, change should * just be a transform on read, not a migration on SO. */ - const { - hits: { - hits: [{ _source: ruleSO }], + const isInvestigationFieldMigratedInSo = checkInvestigationFieldSoValue( + undefined, + { + field_names: [], }, - } = await getRuleSOById(es, body.id); - expect(ruleSO?.alert?.params?.investigationFields).to.eql([]); + es, + body.id + ); + expect(isInvestigationFieldMigratedInSo).to.eql(false); }); it('does not migrate investigation fields when intended object type', async () => { @@ -214,12 +220,13 @@ export default ({ getService }: FtrProviderContext) => { * happening just on the response. In this case, change should * just be a transform on read, not a migration on SO. */ - const { - hits: { - hits: [{ _source: ruleSO }], - }, - } = await getRuleSOById(es, body.id); - expect(ruleSO?.alert?.params?.investigationFields).to.eql({ field_names: ['host.name'] }); + const isInvestigationFieldIntendedTypeInSo = checkInvestigationFieldSoValue( + undefined, + { field_names: ['host.name'] }, + es, + body.id + ); + expect(isInvestigationFieldIntendedTypeInSo).to.eql(true); }); }); }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_update/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_update/configs/ess.config.ts index 1774ff3ae28ea..fa76a9537ab3a 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_update/configs/ess.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_update/configs/ess.config.ts @@ -16,7 +16,7 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { ...functionalConfig.getAll(), testFiles: [require.resolve('..')], junit: { - reportName: 'Rule Management API Integration Tests - ESS - Rule Update logic', + reportName: 'Detection Engine - Rule Update Integration Tests - ESS Env - Trial License', }, }; } diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_update/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_update/configs/serverless.config.ts index 017b5dec486b1..ea732668ee155 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_update/configs/serverless.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_update/configs/serverless.config.ts @@ -9,6 +9,7 @@ import { createTestConfig } from '../../../../../config/serverless/config.base'; export default createTestConfig({ testFiles: [require.resolve('..')], junit: { - reportName: 'Rule Management API Integration Tests - Serverless - Rule Update logic', + reportName: + 'Detection Engine - Rule Update Integration Tests - Serverless Env - Complete License', }, }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_update/update_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_update/update_rules.ts index 3c6a3e7735a4a..69dc28fddf6b4 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_update/update_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_update/update_rules.ts @@ -44,7 +44,7 @@ export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); const log = getService('log'); const es = getService('es'); - // TODO: add a new service + // TODO: add a new service for pulling kibana username, similar to getService('es') const config = getService('config'); const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_update/update_rules_bulk.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_update/update_rules_bulk.ts index 49c9ffdd817fd..8aecb69e80fbf 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_update/update_rules_bulk.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_update/update_rules_bulk.ts @@ -48,14 +48,12 @@ export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); const log = getService('log'); const es = getService('es'); - // TODO: add a new service + // TODO: add a new service for pulling kibana username, similar to getService('es') const config = getService('config'); const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); - // Marking as ESS and brokenInServerless as it's currently exposed in both, but if this is already - // deprecated, it should cease being exposed in Serverless prior to GA, in which case this - // test would be run for ESS only. - describe('@ess @brokenInServerless @skipInQA update_rules_bulk', () => { + // See https://github.com/elastic/kibana/issues/130963 for discussion on deprecation + describe('@ess @serverless update_rules_bulk', () => { describe('deprecations', () => { afterEach(async () => { await deleteAllRules(supertest, log); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_update/update_rules_ess.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_update/update_rules_ess.ts index 38a5a5a07a9f0..3338634ea0511 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_update/update_rules_ess.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/rule_update/update_rules_ess.ts @@ -34,7 +34,7 @@ export default ({ getService }: FtrProviderContext) => { const supertest = getService('supertest'); const log = getService('log'); const es = getService('es'); - // TODO: add a new service + // TODO: add a new service for pulling kibana username, similar to getService('es') const config = getService('config'); const ELASTICSEARCH_USERNAME = config.get('servers.kibana.username'); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/telemetry/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/telemetry/configs/ess.config.ts index 787542036e084..2626c12f9a825 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/telemetry/configs/ess.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/telemetry/configs/ess.config.ts @@ -16,7 +16,7 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { ...functionalConfig.getAll(), testFiles: [require.resolve('..')], junit: { - reportName: 'Detection Engine API Integration Tests - ESS - Telemetry', + reportName: 'Detection Engine - Telemetry Integration Tests - ESS Env - Trial License', }, }; } diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/telemetry/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/telemetry/configs/serverless.config.ts index 99bd2458c69a4..2601dba13f00c 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/telemetry/configs/serverless.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/telemetry/configs/serverless.config.ts @@ -10,7 +10,8 @@ import { createTestConfig } from '../../../../../config/serverless/config.base'; export default createTestConfig({ testFiles: [require.resolve('..')], junit: { - reportName: 'Detection Engine API Integration Tests - Serverless - Telemetry', + reportName: + 'Detection Engine - Telemetry Integration Tests - Serverless Env - Complete License', }, kbnTestServerArgs: [ `--xpack.securitySolution.enableExperimental=${JSON.stringify(['previewTelemetryUrlEnabled'])}`, diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/user_roles/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/user_roles/configs/ess.config.ts index 59e01e74c719c..51ea7037f1d40 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/user_roles/configs/ess.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/user_roles/configs/ess.config.ts @@ -16,7 +16,7 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { ...functionalConfig.getAll(), testFiles: [require.resolve('..')], junit: { - reportName: 'Detection Engine ESS - User roles API Integration Tests', + reportName: 'Detection Engine - User Roles Integration Tests - ESS Env - Trial License', }, }; } diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/user_roles/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/user_roles/configs/serverless.config.ts index d8e9843c3eb92..a2dd062fa0ac3 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/user_roles/configs/serverless.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/default_license/user_roles/configs/serverless.config.ts @@ -10,6 +10,7 @@ import { createTestConfig } from '../../../../../config/serverless/config.base'; export default createTestConfig({ testFiles: [require.resolve('..')], junit: { - reportName: 'Detection Engine Serverless - User roles API Integration Tests', + reportName: + 'Detection Engine - User Roles Integration Tests - Serverless Env - Complete License', }, }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/check_investigation_field_in_so.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/check_investigation_field_in_so.ts new file mode 100644 index 0000000000000..85aa6cac6c412 --- /dev/null +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/check_investigation_field_in_so.ts @@ -0,0 +1,29 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { Client } from '@elastic/elasticsearch'; +import { InvestigationFields } from '@kbn/security-solution-plugin/common/api/detection_engine'; +import { getRuleSOById } from './get_rule_so_by_id'; + +export const checkInvestigationFieldSoValue = async ( + ruleSO: RuleSO | undefined, + expectedSoValue: undefined | InvestigationFields, + es?: Client, + ruleId?: string +) => { + if (!ruleSO && es && ruleId) { + const { + hits: { + hits: [{ _source: rule }], + }, + } = await getRuleSOById(es, ruleId); + + return rule?.alert.params.investigationFields === expectedSoValue; + } + + return ruleSO?.alert.params.investigationFields === expectedSoValue; +}; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/index.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/index.ts index 90f3ae07871c8..501a5579fbfde 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/index.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/utils/rules/index.ts @@ -10,6 +10,7 @@ export * from './create_rule_with_exception_entries'; export * from './create_rule_saved_object'; export * from './create_rule_with_auth'; export * from './create_non_security_rule'; +export * from './check_investigation_field_in_so'; export * from './downgrade_immutable_rule'; export * from './delete_all_rules'; export * from './delete_rule'; diff --git a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/default_license/risk_engine/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/default_license/risk_engine/configs/ess.config.ts index 97686465c8073..db1ed95945baf 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/default_license/risk_engine/configs/ess.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/default_license/risk_engine/configs/ess.config.ts @@ -24,7 +24,7 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { }, testFiles: [require.resolve('..')], junit: { - reportName: 'Entity Analytics API Integration Tests - ESS - Risk Engine', + reportName: 'Entity Analytics - Risk Engine Integration Tests - ESS Env - Trial License', }, }; } diff --git a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/default_license/risk_engine/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/default_license/risk_engine/configs/serverless.config.ts index ccbbcd9dc8cb8..35f50c7ad9f40 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/default_license/risk_engine/configs/serverless.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/default_license/risk_engine/configs/serverless.config.ts @@ -15,6 +15,7 @@ export default createTestConfig({ ], testFiles: [require.resolve('..')], junit: { - reportName: 'Entity Analytics API Integration Tests - Serverless - Risk Engine', + reportName: + 'Entity Analytics - Risk Engine Integration Tests - Serverless Env - Complete License', }, }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/exception_lists_items/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/exception_lists_items/configs/ess.config.ts index 366e0b956e370..3a0a941f48020 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/exception_lists_items/configs/ess.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/exception_lists_items/configs/ess.config.ts @@ -16,7 +16,7 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { ...functionalConfig.getAll(), testFiles: [require.resolve('..')], junit: { - reportName: 'Detection Engine ESS - Execption Lists and Items Integration Tests APIS', + reportName: 'Detection Engine - Exception Lists Integration Tests - ESS Env - Trial License', }, }; } diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/exception_lists_items/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/exception_lists_items/configs/serverless.config.ts index bb1410030e0db..989ebcd4a34f5 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/exception_lists_items/configs/serverless.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/exception_lists_items/configs/serverless.config.ts @@ -10,6 +10,7 @@ import { createTestConfig } from '../../../../../config/serverless/config.base'; export default createTestConfig({ testFiles: [require.resolve('..')], junit: { - reportName: 'Detection Engine Serverless - Execption Lists and Items Integration Tests APIS', + reportName: + 'Detection Engine - Exception Lists Integration Tests - Serverless Env - Complete License', }, }); diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/configs/ess.config.ts b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/configs/ess.config.ts index 522c44b41d85a..0af6ce99fbbb3 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/configs/ess.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/configs/ess.config.ts @@ -16,7 +16,7 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) { ...functionalConfig.getAll(), testFiles: [require.resolve('..')], junit: { - reportName: 'Detection Engine ESS - Lists and Items Integration Tests APIS', + reportName: 'Detection Engine - Value Lists Integration Tests - ESS Env - Trial License', }, }; } diff --git a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/configs/serverless.config.ts b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/configs/serverless.config.ts index 7e324d6e29836..f2e5509441e09 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/configs/serverless.config.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/lists_and_exception_lists/default_license/lists_items/configs/serverless.config.ts @@ -10,6 +10,7 @@ import { createTestConfig } from '../../../../../config/serverless/config.base'; export default createTestConfig({ testFiles: [require.resolve('..')], junit: { - reportName: 'Detection Engine Serverless - Lists and Items Integration Tests APIS', + reportName: + 'Detection Engine - Value Lists Integration Tests - Serverless Env - Complete License', }, });