From 7a916636b0033ebf856a1152147a598b30805fdc Mon Sep 17 00:00:00 2001 
From: Dmitrii Shevchenko Date: Thu, 23 Feb 2023 16:15:48 +0100 Subject: [PATCH] [8.7] [Security Solution] Revisit prebuilt detection rules tests (#149502) (#151999) # Backport This will backport the following commits from `main` to `8.7`: - [[Security Solution] Revisit prebuilt detection rules tests (#149502)](https://github.com/elastic/kibana/pull/149502) ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) --- .../tests/common/cases/patch_cases.ts | 4 +- .../tests/common/comments/post_comment.ts | 4 +- .../internal/bulk_create_attachments.ts | 4 +- .../basic/tests/add_prepackaged_rules.ts | 78 ------ .../basic/tests/create_rules.ts | 4 +- .../basic/tests/create_rules_bulk.ts | 4 +- .../basic/tests/delete_rules.ts | 4 +- .../basic/tests/delete_rules_bulk.ts | 6 +- .../basic/tests/export_rules.ts | 4 +- .../basic/tests/find_rules.ts | 4 +- .../tests/get_prepackaged_rules_status.ts | 136 ---------- .../basic/tests/import_rules.ts | 4 +- .../basic/tests/index.ts | 2 - .../tests/install_prepackaged_timelines.ts | 4 +- .../basic/tests/open_close_signals.ts | 6 +- .../basic/tests/patch_rules.ts | 4 +- .../basic/tests/patch_rules_bulk.ts | 4 +- .../basic/tests/read_rules.ts | 4 +- .../basic/tests/update_rules.ts | 4 +- .../basic/tests/update_rules_bulk.ts | 4 +- .../security_and_spaces/group1/add_actions.ts | 4 +- .../group1/add_prepackaged_rules.ts | 114 -------- .../security_and_spaces/group1/aliases.ts | 4 +- .../group1/check_privileges.ts | 6 +- .../group1/create_new_terms.ts | 4 +- .../group1/create_rule_exceptions.ts | 4 +- .../group1/create_rules.ts | 6 +- .../group1/create_rules_bulk.ts | 6 +- .../group1/delete_rules.ts | 4 +- .../group1/delete_rules_bulk.ts | 6 +- .../group1/export_rules.ts | 4 +- .../group1/find_rule_exception_references.ts | 4 +- .../security_and_spaces/group1/find_rules.ts | 4 +- .../group1/fleet_integration.ts | 67 +++++ .../group1/get_prebuilt_rules_status.ts | 189 +++++++++++++ 
.../group1/get_prebuilt_timelines_status.ts | 50 ++++ .../group1/get_prepackaged_rules_status.ts | 136 ---------- .../group1/get_rule_management_filters.ts | 16 +- .../security_and_spaces/group1/index.ts | 6 +- .../group1/install_prebuilt_rules.ts | 250 ++++++++++++++++++ .../group1/preview_rules.ts | 4 +- .../group1/update_actions.ts | 14 +- .../group10/get_rule_execution_results.ts | 4 +- .../group10/ignore_fields.ts | 4 +- .../group10/import_export_rules.ts | 4 +- .../group10/import_rules.ts | 6 +- .../group10/open_close_signals.ts | 6 +- .../group10/patch_rules.ts | 4 +- .../group10/patch_rules_bulk.ts | 6 +- .../group10/perform_bulk_action.ts | 12 +- .../group10/perform_bulk_action_dry_run.ts | 8 +- .../security_and_spaces/group10/read_rules.ts | 4 +- .../group10/resolve_read_rules.ts | 4 +- .../security_and_spaces/group10/runtime.ts | 6 +- .../security_and_spaces/group10/throttle.ts | 4 +- .../security_and_spaces/group10/timestamps.ts | 8 +- .../group10/update_rules.ts | 4 +- .../group10/update_rules_bulk.ts | 6 +- .../group2/create_endpoint_exceptions.ts | 4 +- .../group3/create_exceptions.ts | 42 +-- .../group4/telemetry/task_based/all_types.ts | 4 +- .../telemetry/task_based/detection_rules.ts | 12 +- .../telemetry/task_based/security_lists.ts | 4 +- .../telemetry/usage_collector/all_types.ts | 4 +- .../usage_collector/detection_rule_status.ts | 4 +- .../usage_collector/detection_rules.ts | 20 +- .../group5/keyword_family/const_keyword.ts | 4 +- .../group5/keyword_family/keyword.ts | 4 +- .../keyword_mixed_with_const.ts | 4 +- .../group6/alerts/alerts_compatibility.ts | 12 +- .../exception_operators_data_types/date.ts | 4 +- .../exception_operators_data_types/double.ts | 4 +- .../exception_operators_data_types/float.ts | 4 +- .../exception_operators_data_types/integer.ts | 4 +- .../exception_operators_data_types/keyword.ts | 4 +- .../keyword_array.ts | 4 +- .../exception_operators_data_types/long.ts | 4 +- .../exception_operators_data_types/text.ts | 4 +- 
.../exception_operators_data_types/ip.ts | 4 +- .../ip_array.ts | 4 +- .../text_array.ts | 4 +- .../rule_execution_logic/eql.ts | 4 +- .../rule_execution_logic/machine_learning.ts | 4 +- .../rule_execution_logic/new_terms.ts | 4 +- .../rule_execution_logic/non_ecs_fields.ts | 4 +- .../rule_execution_logic/query.ts | 4 +- .../rule_execution_logic/saved_query.ts | 4 +- .../rule_execution_logic/threat_match.ts | 4 +- .../security_and_spaces/tests/import_rules.ts | 6 +- .../create_prebuilt_rule_saved_objects.ts | 72 ----- .../utils/create_rule.ts | 2 +- ...lete_all_alerts.ts => delete_all_rules.ts} | 4 +- .../utils/delete_rule.ts | 13 +- .../utils/get_prepackaged_rule_status.ts | 34 --- .../utils/index.ts | 11 +- .../create_prebuilt_rule_saved_objects.ts | 111 ++++++++ .../delete_all_prebuilt_rule_assets.ts} | 5 +- .../delete_prebuilt_rules_fleet_package.ts | 32 +++ ...get_prebuilt_rules_and_timelines_status.ts | 29 ++ .../install_mock_prebuilt_rules.ts} | 29 +- .../install_prebuilt_rules_and_timelines.ts | 37 +++ .../install_prebuilt_rules_fleet_package.ts} | 55 ++-- .../tests/basic/search_strategy.ts | 4 +- .../services/detections/index.ts | 2 +- 104 files changed, 1052 insertions(+), 864 deletions(-) delete mode 100644 x-pack/test/detection_engine_api_integration/basic/tests/add_prepackaged_rules.ts delete mode 100644 x-pack/test/detection_engine_api_integration/basic/tests/get_prepackaged_rules_status.ts delete mode 100644 x-pack/test/detection_engine_api_integration/security_and_spaces/group1/add_prepackaged_rules.ts create mode 100644 x-pack/test/detection_engine_api_integration/security_and_spaces/group1/fleet_integration.ts create mode 100644 x-pack/test/detection_engine_api_integration/security_and_spaces/group1/get_prebuilt_rules_status.ts create mode 100644 x-pack/test/detection_engine_api_integration/security_and_spaces/group1/get_prebuilt_timelines_status.ts delete mode 100644 
x-pack/test/detection_engine_api_integration/security_and_spaces/group1/get_prepackaged_rules_status.ts create mode 100644 x-pack/test/detection_engine_api_integration/security_and_spaces/group1/install_prebuilt_rules.ts delete mode 100644 x-pack/test/detection_engine_api_integration/utils/create_prebuilt_rule_saved_objects.ts rename x-pack/test/detection_engine_api_integration/utils/{delete_all_alerts.ts => delete_all_rules.ts} (95%) delete mode 100644 x-pack/test/detection_engine_api_integration/utils/get_prepackaged_rule_status.ts create mode 100644 x-pack/test/detection_engine_api_integration/utils/prebuilt_rules/create_prebuilt_rule_saved_objects.ts rename x-pack/test/detection_engine_api_integration/utils/{delete_all_prebuilt_rules.ts => prebuilt_rules/delete_all_prebuilt_rule_assets.ts} (75%) create mode 100644 x-pack/test/detection_engine_api_integration/utils/prebuilt_rules/delete_prebuilt_rules_fleet_package.ts create mode 100644 x-pack/test/detection_engine_api_integration/utils/prebuilt_rules/get_prebuilt_rules_and_timelines_status.ts rename x-pack/test/detection_engine_api_integration/utils/{install_prepackaged_rules.ts => prebuilt_rules/install_mock_prebuilt_rules.ts} (51%) create mode 100644 x-pack/test/detection_engine_api_integration/utils/prebuilt_rules/install_prebuilt_rules_and_timelines.ts rename x-pack/test/detection_engine_api_integration/utils/{install_detection_rules_package_from_fleet.ts => prebuilt_rules/install_prebuilt_rules_fleet_package.ts} (57%) diff --git a/x-pack/test/cases_api_integration/security_and_spaces/tests/common/cases/patch_cases.ts b/x-pack/test/cases_api_integration/security_and_spaces/tests/common/cases/patch_cases.ts index ea30095f8b832..eabbeb0b9b9df 100644 --- a/x-pack/test/cases_api_integration/security_and_spaces/tests/common/cases/patch_cases.ts +++ b/x-pack/test/cases_api_integration/security_and_spaces/tests/common/cases/patch_cases.ts 
@@ -41,7 +41,7 @@ import { import { createSignalsIndex, deleteSignalsIndex, - deleteAllAlerts, + deleteAllRules, getRuleForSignalTesting, waitForRuleSuccessOrStatus, waitForSignalsToBePresent, @@ -795,7 +795,7 @@ export default ({ getService }: FtrProviderContext): void => { afterEach(async () => { await deleteSignalsIndex(supertest, log); - await deleteAllAlerts(supertest, log); + await deleteAllRules(supertest, log); await esArchiver.unload('x-pack/test/functional/es_archives/auditbeat/hosts'); }); diff --git a/x-pack/test/cases_api_integration/security_and_spaces/tests/common/comments/post_comment.ts b/x-pack/test/cases_api_integration/security_and_spaces/tests/common/comments/post_comment.ts index 69274e7a836f1..2a5e9f38fd0ea 100644 --- a/x-pack/test/cases_api_integration/security_and_spaces/tests/common/comments/post_comment.ts +++ b/x-pack/test/cases_api_integration/security_and_spaces/tests/common/comments/post_comment.ts @@ -40,7 +40,7 @@ import { import { createSignalsIndex, deleteSignalsIndex, - deleteAllAlerts, + deleteAllRules, getRuleForSignalTesting, waitForRuleSuccessOrStatus, waitForSignalsToBePresent, @@ -358,7 +358,7 @@ export default ({ getService }: FtrProviderContext): void => { afterEach(async () => { await deleteSignalsIndex(supertest, log); - await deleteAllAlerts(supertest, log); + await deleteAllRules(supertest, log); await esArchiver.unload('x-pack/test/functional/es_archives/auditbeat/hosts'); }); diff --git a/x-pack/test/cases_api_integration/security_and_spaces/tests/common/internal/bulk_create_attachments.ts b/x-pack/test/cases_api_integration/security_and_spaces/tests/common/internal/bulk_create_attachments.ts index 27a7c54e68ecf..fb25c5d53ea7a 100644 --- a/x-pack/test/cases_api_integration/security_and_spaces/tests/common/internal/bulk_create_attachments.ts +++ b/x-pack/test/cases_api_integration/security_and_spaces/tests/common/internal/bulk_create_attachments.ts 
@@ -39,7 +39,7 @@ import { import { createSignalsIndex, deleteSignalsIndex, - deleteAllAlerts, + deleteAllRules, getRuleForSignalTesting, waitForRuleSuccessOrStatus, waitForSignalsToBePresent, @@ -475,7 +475,7 @@ export default ({ getService }: FtrProviderContext): void => { afterEach(async () => { await deleteSignalsIndex(supertest, log); - await deleteAllAlerts(supertest, log); + await deleteAllRules(supertest, log); await esArchiver.unload('x-pack/test/functional/es_archives/auditbeat/hosts'); }); diff --git a/x-pack/test/detection_engine_api_integration/basic/tests/add_prepackaged_rules.ts b/x-pack/test/detection_engine_api_integration/basic/tests/add_prepackaged_rules.ts deleted file mode 100644 index b9e4d3de355de..0000000000000 --- a/x-pack/test/detection_engine_api_integration/basic/tests/add_prepackaged_rules.ts +++ /dev/null 
@@ -1,78 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { PREBUILT_RULES_STATUS_URL } from '@kbn/security-solution-plugin/common/detection_engine/prebuilt_rules'; -import expect from 'expect'; -import { FtrProviderContext } from '../../common/ftr_provider_context'; -import { - createSignalsIndex, - deleteAllAlerts, - deleteAllTimelines, - deleteSignalsIndex, - installPrePackagedRules, - waitFor, -} from '../../utils'; - -// eslint-disable-next-line import/no-default-export -export default ({ getService }: FtrProviderContext): void => { - const es = getService('es'); - const supertest = getService('supertest'); - const log = getService('log'); - - describe('add_prepackaged_rules', () => { - describe('creating prepackaged rules', () => { - beforeEach(async () => { - await createSignalsIndex(supertest, log); - }); - - afterEach(async () => { - await deleteSignalsIndex(supertest, log); - - await deleteAllAlerts(supertest, log); - await deleteAllTimelines(es); - }); - - it('should create the prepackaged rules and return a count greater than zero, rules_updated to be zero, and contain the correct keys', async () => { - const response = await installPrePackagedRules(supertest, es, log); - - expect(response?.rules_installed).toBeGreaterThan(0); - expect(response?.rules_updated).toBe(0); - expect(response).toEqual( - expect.objectContaining({ - rules_installed: expect.any(Number), - rules_updated: expect.any(Number), - timelines_installed: expect.any(Number), - timelines_updated: expect.any(Number), - }) - ); - }); - - it('should be possible to call the API twice and the second time the number of rules installed should be zero as well as timeline', async () => { - await installPrePackagedRules(supertest, es, log); - - // NOTE: I call the GET call 
until eventually it becomes consistent and that the number of rules to install are zero. - // This is to reduce flakiness where it can for a short period of time try to install the same rule twice. - await waitFor( - async () => { - const { body } = await supertest - .get(PREBUILT_RULES_STATUS_URL) - .set('kbn-xsrf', 'true') - .expect(200); - return body.rules_not_installed === 0; - }, - PREBUILT_RULES_STATUS_URL, - log - ); - - const response = await installPrePackagedRules(supertest, es, log); - - expect(response?.rules_installed).toBe(0); - expect(response?.timelines_installed).toBe(0); - }); - }); - }); -}; diff --git a/x-pack/test/detection_engine_api_integration/basic/tests/create_rules.ts b/x-pack/test/detection_engine_api_integration/basic/tests/create_rules.ts index 55183b48d78f9..da25991d1d25b 100644 --- a/x-pack/test/detection_engine_api_integration/basic/tests/create_rules.ts +++ b/x-pack/test/detection_engine_api_integration/basic/tests/create_rules.ts @@ -12,7 +12,7 @@ import { DETECTION_ENGINE_RULES_URL } from '@kbn/security-solution-plugin/common import { FtrProviderContext } from '../../common/ftr_provider_context'; import { createSignalsIndex, - deleteAllAlerts, + deleteAllRules, deleteSignalsIndex, getSimpleRule, getSimpleRuleOutput, @@ -45,7 +45,7 @@ export default ({ getService }: FtrProviderContext) => { afterEach(async () => { await deleteSignalsIndex(supertest, log); - await deleteAllAlerts(supertest, log); + await deleteAllRules(supertest, log); }); it('should create a single rule with a rule_id', async () => { diff --git a/x-pack/test/detection_engine_api_integration/basic/tests/create_rules_bulk.ts b/x-pack/test/detection_engine_api_integration/basic/tests/create_rules_bulk.ts index 3bdd1cc914d35..98b49c08d1af8 100644 --- a/x-pack/test/detection_engine_api_integration/basic/tests/create_rules_bulk.ts +++ b/x-pack/test/detection_engine_api_integration/basic/tests/create_rules_bulk.ts 
@@ -11,7 +11,7 @@ import { DETECTION_ENGINE_RULES_BULK_CREATE } from '@kbn/security-solution-plugi import { FtrProviderContext } from '../../common/ftr_provider_context'; import { createSignalsIndex, - deleteAllAlerts, + deleteAllRules, deleteSignalsIndex, getSimpleRule, getSimpleRuleOutput, @@ -43,7 +43,7 @@ export default ({ getService }: FtrProviderContext): void => { afterEach(async () => { await deleteSignalsIndex(supertest, log); - await deleteAllAlerts(supertest, log); + await deleteAllRules(supertest, log); }); it('should create a single rule with a rule_id', async () => { diff --git a/x-pack/test/detection_engine_api_integration/basic/tests/delete_rules.ts b/x-pack/test/detection_engine_api_integration/basic/tests/delete_rules.ts index 7dc77d7c1ab9b..e924339dae42f 100644 --- a/x-pack/test/detection_engine_api_integration/basic/tests/delete_rules.ts +++ b/x-pack/test/detection_engine_api_integration/basic/tests/delete_rules.ts @@ -12,7 +12,7 @@ import { FtrProviderContext } from '../../common/ftr_provider_context'; import { createRule, createSignalsIndex, - deleteAllAlerts, + deleteAllRules, deleteSignalsIndex, getSimpleRule, getSimpleRuleOutput, @@ -35,7 +35,7 @@ export default ({ getService }: FtrProviderContext): void => { afterEach(async () => { await deleteSignalsIndex(supertest, log); - await deleteAllAlerts(supertest, log); + await deleteAllRules(supertest, log); }); it('should delete a single rule with a rule_id', async () => { diff --git a/x-pack/test/detection_engine_api_integration/basic/tests/delete_rules_bulk.ts b/x-pack/test/detection_engine_api_integration/basic/tests/delete_rules_bulk.ts index 6d48b558d18a2..a116e4962be2f 100644 --- a/x-pack/test/detection_engine_api_integration/basic/tests/delete_rules_bulk.ts +++ b/x-pack/test/detection_engine_api_integration/basic/tests/delete_rules_bulk.ts 
@@ -12,7 +12,7 @@ import { FtrProviderContext } from '../../common/ftr_provider_context'; import { createRule, createSignalsIndex, - deleteAllAlerts, + deleteAllRules, deleteSignalsIndex, getSimpleRule, getSimpleRuleOutput, @@ -35,7 +35,7 @@ export default ({ getService }: FtrProviderContext): void => { afterEach(async () => { await deleteSignalsIndex(supertest, log); - await deleteAllAlerts(supertest, log); + await deleteAllRules(supertest, log); }); it('should delete a single rule with a rule_id', async () => { @@ -147,7 +147,7 @@ export default ({ getService }: FtrProviderContext): void => { afterEach(async () => { await deleteSignalsIndex(supertest, log); - await deleteAllAlerts(supertest, log); + await deleteAllRules(supertest, log); }); it('should delete a single rule with a rule_id', async () => { diff --git a/x-pack/test/detection_engine_api_integration/basic/tests/export_rules.ts b/x-pack/test/detection_engine_api_integration/basic/tests/export_rules.ts index 2d1ddd342a549..63687a5ac284a 100644 --- a/x-pack/test/detection_engine_api_integration/basic/tests/export_rules.ts +++ b/x-pack/test/detection_engine_api_integration/basic/tests/export_rules.ts @@ -13,7 +13,7 @@ import { binaryToString, createRule, createSignalsIndex, - deleteAllAlerts, + deleteAllRules, deleteSignalsIndex, getSimpleRule, getSimpleRuleOutput, @@ -33,7 +33,7 @@ export default ({ getService }: FtrProviderContext): void => { afterEach(async () => { await deleteSignalsIndex(supertest, log); - await deleteAllAlerts(supertest, log); + await deleteAllRules(supertest, log); }); it('should set the response content types to be expected', async () => { diff --git a/x-pack/test/detection_engine_api_integration/basic/tests/find_rules.ts b/x-pack/test/detection_engine_api_integration/basic/tests/find_rules.ts index de445454f54ce..eae9dc07564aa 100644 --- a/x-pack/test/detection_engine_api_integration/basic/tests/find_rules.ts 
+++ b/x-pack/test/detection_engine_api_integration/basic/tests/find_rules.ts @@ -12,7 +12,7 @@ import { FtrProviderContext } from '../../common/ftr_provider_context'; import { createRule, createSignalsIndex, - deleteAllAlerts, + deleteAllRules, deleteSignalsIndex, getComplexRule, getComplexRuleOutput, @@ -33,7 +33,7 @@ export default ({ getService }: FtrProviderContext): void => { afterEach(async () => { await deleteSignalsIndex(supertest, log); - await deleteAllAlerts(supertest, log); + await deleteAllRules(supertest, log); }); it('should return an empty find body correctly if no rules are loaded', async () => { diff --git a/x-pack/test/detection_engine_api_integration/basic/tests/get_prepackaged_rules_status.ts b/x-pack/test/detection_engine_api_integration/basic/tests/get_prepackaged_rules_status.ts deleted file mode 100644 index 244d8d677ae14..0000000000000 --- a/x-pack/test/detection_engine_api_integration/basic/tests/get_prepackaged_rules_status.ts +++ /dev/null 
@@ -1,136 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import expect from '@kbn/expect'; - -import { DETECTION_ENGINE_RULES_URL } from '@kbn/security-solution-plugin/common/constants'; -import { - PREBUILT_RULES_STATUS_URL, - PREBUILT_RULES_URL, -} from '@kbn/security-solution-plugin/common/detection_engine/prebuilt_rules'; - -import { FtrProviderContext } from '../../common/ftr_provider_context'; -import { - createSignalsIndex, - deleteAllAlerts, - deleteSignalsIndex, - getSimpleRule, - deleteAllTimelines, -} from '../../utils'; -import { createPrebuiltRuleAssetSavedObjects } from '../../utils/create_prebuilt_rule_saved_objects'; -import { deleteAllPrebuiltRules } from '../../utils/delete_all_prebuilt_rules'; - -// eslint-disable-next-line import/no-default-export -export default ({ getService }: FtrProviderContext): void => { - const supertest = getService('supertest'); - const es = getService('es'); - const log = getService('log'); - - describe('get_prepackaged_rules_status', () => { - describe('getting prepackaged rules status', () => { - beforeEach(async () => { - await createSignalsIndex(supertest, log); - await createPrebuiltRuleAssetSavedObjects(es); - }); - - afterEach(async () => { - await deleteSignalsIndex(supertest, log); - await deleteAllAlerts(supertest, log); - await deleteAllTimelines(es); - await deleteAllPrebuiltRules(es); - }); - - it('should return expected JSON keys of the pre-packaged rules and pre-packaged timelines status', async () => { - const { body } = await supertest - .get(PREBUILT_RULES_STATUS_URL) - .set('kbn-xsrf', 'true') - .send() - .expect(200); - - expect(Object.keys(body)).to.eql([ - 'rules_custom_installed', - 'rules_installed', - 'rules_not_installed', - 'rules_not_updated', - 'timelines_installed', - 
'timelines_not_installed', - 'timelines_not_updated', - ]); - }); - - it('should return that rules_not_installed are greater than zero', async () => { - const { body } = await supertest - .get(PREBUILT_RULES_STATUS_URL) - .set('kbn-xsrf', 'true') - .send() - .expect(200); - expect(body.rules_not_installed).to.be.greaterThan(0); - }); - - it('should return that timelines_not_installed are greater than zero', async () => { - const { body } = await supertest - .get(PREBUILT_RULES_STATUS_URL) - .set('kbn-xsrf', 'true') - .send() - .expect(200); - expect(body.timelines_not_installed).to.be.greaterThan(0); - }); - - it('should return that rules_custom_installed, rules_installed, and rules_not_updated are zero', async () => { - const { body } = await supertest - .get(PREBUILT_RULES_STATUS_URL) - .set('kbn-xsrf', 'true') - .send() - .expect(200); - expect(body.rules_custom_installed).to.eql(0); - expect(body.rules_installed).to.eql(0); - expect(body.rules_not_updated).to.eql(0); - }); - - it('should return that timelines_installed, and timelines_not_updated are zero', async () => { - const { body } = await supertest - .get(PREBUILT_RULES_STATUS_URL) - .set('kbn-xsrf', 'true') - .send() - .expect(200); - expect(body.timelines_installed).to.eql(0); - expect(body.timelines_not_updated).to.eql(0); - }); - - it('should show that one custom rule is installed when a custom rule is added', async () => { - await supertest - .post(DETECTION_ENGINE_RULES_URL) - .set('kbn-xsrf', 'true') - .send(getSimpleRule()) - .expect(200); - - const { body } = await supertest - .get(PREBUILT_RULES_STATUS_URL) - .set('kbn-xsrf', 'true') - .send() - .expect(200); - expect(body.rules_custom_installed).to.eql(1); - expect(body.rules_installed).to.eql(0); - expect(body.rules_not_updated).to.eql(0); - expect(body.timelines_installed).to.eql(0); - expect(body.timelines_not_updated).to.eql(0); - }); - - it('should show rules and timelines are installed when adding pre-packaged rules', async () => { - 
await supertest.put(PREBUILT_RULES_URL).set('kbn-xsrf', 'true').send().expect(200); - - const { body } = await supertest - .get(PREBUILT_RULES_STATUS_URL) - .set('kbn-xsrf', 'true') - .send() - .expect(200); - expect(body.rules_installed).to.be.greaterThan(0); - expect(body.timelines_installed).to.be.greaterThan(0); - }); - }); - }); -}; diff --git a/x-pack/test/detection_engine_api_integration/basic/tests/import_rules.ts b/x-pack/test/detection_engine_api_integration/basic/tests/import_rules.ts index 2630174529b75..774c0f8607058 100644 --- a/x-pack/test/detection_engine_api_integration/basic/tests/import_rules.ts +++ b/x-pack/test/detection_engine_api_integration/basic/tests/import_rules.ts @@ -11,7 +11,7 @@ import { DETECTION_ENGINE_RULES_URL } from '@kbn/security-solution-plugin/common import { FtrProviderContext } from '../../common/ftr_provider_context'; import { createSignalsIndex, - deleteAllAlerts, + deleteAllRules, deleteSignalsIndex, getSimpleRule, getSimpleRuleAsNdjson, @@ -33,7 +33,7 @@ export default ({ getService }: FtrProviderContext): void => { afterEach(async () => { await deleteSignalsIndex(supertest, log); - await deleteAllAlerts(supertest, log); + await deleteAllRules(supertest, log); }); it('should set the response content types to be expected', async () => { diff --git a/x-pack/test/detection_engine_api_integration/basic/tests/index.ts b/x-pack/test/detection_engine_api_integration/basic/tests/index.ts index c70d7520dd425..ffcffb706bcec 100644 --- a/x-pack/test/detection_engine_api_integration/basic/tests/index.ts +++ b/x-pack/test/detection_engine_api_integration/basic/tests/index.ts 
@@ -10,14 +10,12 @@ import { FtrProviderContext } from '../../common/ftr_provider_context'; // eslint-disable-next-line import/no-default-export export default ({ loadTestFile }: FtrProviderContext): void => { describe('detection engine api basic license', function () { - loadTestFile(require.resolve('./add_prepackaged_rules')); loadTestFile(require.resolve('./create_rules')); loadTestFile(require.resolve('./create_rules_bulk')); loadTestFile(require.resolve('./delete_rules')); loadTestFile(require.resolve('./delete_rules_bulk')); loadTestFile(require.resolve('./export_rules')); loadTestFile(require.resolve('./find_rules')); - loadTestFile(require.resolve('./get_prepackaged_rules_status')); loadTestFile(require.resolve('./import_rules')); loadTestFile(require.resolve('./read_rules')); loadTestFile(require.resolve('./update_rules')); diff --git a/x-pack/test/detection_engine_api_integration/basic/tests/install_prepackaged_timelines.ts b/x-pack/test/detection_engine_api_integration/basic/tests/install_prepackaged_timelines.ts index 016d04c64f577..14b51b5d4af31 100644 --- a/x-pack/test/detection_engine_api_integration/basic/tests/install_prepackaged_timelines.ts +++ b/x-pack/test/detection_engine_api_integration/basic/tests/install_prepackaged_timelines.ts @@ -11,7 +11,7 @@ import { TIMELINE_PREPACKAGED_URL } from '@kbn/security-solution-plugin/common/c import { FtrProviderContext } from '../../common/ftr_provider_context'; import { createSignalsIndex, - deleteAllAlerts, + deleteAllRules, deleteAllTimelines, deleteSignalsIndex, waitFor, @@ -31,7 +31,7 @@ export default ({ getService }: FtrProviderContext): void => { afterEach(async () => { await deleteSignalsIndex(supertest, log); - await deleteAllAlerts(supertest, log); + await deleteAllRules(supertest, log); await deleteAllTimelines(es); }); 
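Review bot: Removing `./add_prepackaged_rules` and `./get_prepackaged_rules_status` from `basic/tests/index.ts` leaves nothing in the basic-license suite exercising the prebuilt rules install or status endpoints, and the diffstat shows the replacement tests (`get_prebuilt_rules_status.ts`, `install_prebuilt_rules.ts`, `fleet_integration.ts`) only under `security_and_spaces/group1`. Those endpoints install detection rules, so the license-tier behaviour is worth keeping under test unless a basic config not shown here also loads the new files. If the drop is intentional, a one-line comment at the removal site would stop the next reader from re-adding them, e.g. `// Prebuilt rules install/status coverage moved to security_and_spaces/group1 (see #149502).`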
diff --git a/x-pack/test/detection_engine_api_integration/basic/tests/open_close_signals.ts b/x-pack/test/detection_engine_api_integration/basic/tests/open_close_signals.ts index 3ac8e7bb8b574..bb1bcd47b52f0 100644 --- a/x-pack/test/detection_engine_api_integration/basic/tests/open_close_signals.ts +++ b/x-pack/test/detection_engine_api_integration/basic/tests/open_close_signals.ts @@ -20,7 +20,7 @@ import { deleteSignalsIndex, setSignalStatus, getQuerySignalIds, - deleteAllAlerts, + deleteAllRules, createRule, waitForSignalsToBePresent, getSignalsByIds, @@ -45,13 +45,13 @@ export default ({ getService }: FtrProviderContext) => { }); beforeEach(async () => { - await deleteAllAlerts(supertest, log); + await deleteAllRules(supertest, log); await createSignalsIndex(supertest, log); }); afterEach(async () => { await deleteSignalsIndex(supertest, log); - await deleteAllAlerts(supertest, log); + await deleteAllRules(supertest, log); }); it('should be able to execute and get 10 signals', async () => { diff --git a/x-pack/test/detection_engine_api_integration/basic/tests/patch_rules.ts b/x-pack/test/detection_engine_api_integration/basic/tests/patch_rules.ts index ae92c294867ce..21de2d8e3e432 100644 --- a/x-pack/test/detection_engine_api_integration/basic/tests/patch_rules.ts +++ b/x-pack/test/detection_engine_api_integration/basic/tests/patch_rules.ts @@ -11,7 +11,7 @@ import { DETECTION_ENGINE_RULES_URL } from '@kbn/security-solution-plugin/common import { FtrProviderContext } from '../../common/ftr_provider_context'; import { createSignalsIndex, - deleteAllAlerts, + deleteAllRules, deleteSignalsIndex, getSimpleRule, getSimpleRuleOutput, @@ -34,7 +34,7 @@ export default ({ getService }: FtrProviderContext) => { afterEach(async () => { await deleteSignalsIndex(supertest, log); - await deleteAllAlerts(supertest, log); + await deleteAllRules(supertest, log); }); it('should patch a single rule property of name using a rule_id', async () => { 
diff --git a/x-pack/test/detection_engine_api_integration/basic/tests/patch_rules_bulk.ts b/x-pack/test/detection_engine_api_integration/basic/tests/patch_rules_bulk.ts index a79c9e19857b8..54fb2948e9c61 100644 --- a/x-pack/test/detection_engine_api_integration/basic/tests/patch_rules_bulk.ts +++ b/x-pack/test/detection_engine_api_integration/basic/tests/patch_rules_bulk.ts @@ -11,7 +11,7 @@ import { DETECTION_ENGINE_RULES_BULK_UPDATE } from '@kbn/security-solution-plugi import { FtrProviderContext } from '../../common/ftr_provider_context'; import { createSignalsIndex, - deleteAllAlerts, + deleteAllRules, deleteSignalsIndex, getSimpleRule, getSimpleRuleOutput, @@ -34,7 +34,7 @@ export default ({ getService }: FtrProviderContext) => { afterEach(async () => { await deleteSignalsIndex(supertest, log); - await deleteAllAlerts(supertest, log); + await deleteAllRules(supertest, log); }); it('should patch a single rule property of name using a rule_id', async () => { diff --git a/x-pack/test/detection_engine_api_integration/basic/tests/read_rules.ts b/x-pack/test/detection_engine_api_integration/basic/tests/read_rules.ts index e37c17d35ccdf..d5cdecf0a8a66 100644 --- a/x-pack/test/detection_engine_api_integration/basic/tests/read_rules.ts +++ b/x-pack/test/detection_engine_api_integration/basic/tests/read_rules.ts @@ -12,7 +12,7 @@ import { FtrProviderContext } from '../../common/ftr_provider_context'; import { createRule, createSignalsIndex, - deleteAllAlerts, + deleteAllRules, deleteSignalsIndex, getSimpleRule, getSimpleRuleOutput, @@ -35,7 +35,7 @@ export default ({ getService }: FtrProviderContext) => { afterEach(async () => { await deleteSignalsIndex(supertest, log); - await deleteAllAlerts(supertest, log); + await deleteAllRules(supertest, log); }); it('should be able to read a single rule using rule_id', async () => { 
diff --git a/x-pack/test/detection_engine_api_integration/basic/tests/update_rules.ts b/x-pack/test/detection_engine_api_integration/basic/tests/update_rules.ts index 0a8ac78019630..0f9e7276b8798 100644 --- a/x-pack/test/detection_engine_api_integration/basic/tests/update_rules.ts +++ b/x-pack/test/detection_engine_api_integration/basic/tests/update_rules.ts @@ -11,7 +11,7 @@ import { DETECTION_ENGINE_RULES_URL } from '@kbn/security-solution-plugin/common import { FtrProviderContext } from '../../common/ftr_provider_context'; import { createSignalsIndex, - deleteAllAlerts, + deleteAllRules, deleteSignalsIndex, getSimpleRuleOutput, removeServerGeneratedProperties, @@ -36,7 +36,7 @@ export default ({ getService }: FtrProviderContext) => { afterEach(async () => { await deleteSignalsIndex(supertest, log); - await deleteAllAlerts(supertest, log); + await deleteAllRules(supertest, log); }); it('should update a single rule property of name using a rule_id', async () => { diff --git a/x-pack/test/detection_engine_api_integration/basic/tests/update_rules_bulk.ts b/x-pack/test/detection_engine_api_integration/basic/tests/update_rules_bulk.ts index b614c1defa761..03a0fa5b3963a 100644 --- a/x-pack/test/detection_engine_api_integration/basic/tests/update_rules_bulk.ts +++ b/x-pack/test/detection_engine_api_integration/basic/tests/update_rules_bulk.ts @@ -14,7 +14,7 @@ import { import { FtrProviderContext } from '../../common/ftr_provider_context'; import { createSignalsIndex, - deleteAllAlerts, + deleteAllRules, deleteSignalsIndex, getSimpleRuleOutput, removeServerGeneratedProperties, @@ -38,7 +38,7 @@ export default ({ getService }: FtrProviderContext) => { afterEach(async () => { await deleteSignalsIndex(supertest, log); - await deleteAllAlerts(supertest, log); + await deleteAllRules(supertest, log); }); it('should update a single rule property of name using a rule_id', async () => { 
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/add_actions.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/add_actions.ts index 94a8b58ff70a0..14c25bfd276fd 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/add_actions.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/add_actions.ts @@ -11,7 +11,7 @@ import { RuleCreateProps } from '@kbn/security-solution-plugin/common/detection_ import { FtrProviderContext } from '../../common/ftr_provider_context'; import { createSignalsIndex, - deleteAllAlerts, + deleteAllRules, deleteSignalsIndex, removeServerGeneratedProperties, getWebHookAction, @@ -43,7 +43,7 @@ export default ({ getService }: FtrProviderContext) => { afterEach(async () => { await deleteSignalsIndex(supertest, log); - await deleteAllAlerts(supertest, log); + await deleteAllRules(supertest, log); }); it('should be able to create a new webhook action and attach it to a rule', async () => { diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/add_prepackaged_rules.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/add_prepackaged_rules.ts deleted file mode 100644 index 9b2d593ff8c56..0000000000000 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/add_prepackaged_rules.ts +++ /dev/null 
@@ -1,114 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import expect from '@kbn/expect';
-import {
- PREBUILT_RULES_STATUS_URL,
- PREBUILT_RULES_URL,
- InstallPrebuiltRulesAndTimelinesResponse,
-} from '@kbn/security-solution-plugin/common/detection_engine/prebuilt_rules';
-
-import { FtrProviderContext } from '../../common/ftr_provider_context';
-import {
- createSignalsIndex,
- deleteAllAlerts,
- deleteAllTimelines,
- deleteSignalsIndex,
- installPrePackagedRules,
- waitFor,
-} from '../../utils';
-import { createPrebuiltRuleAssetSavedObjects } from '../../utils/create_prebuilt_rule_saved_objects';
-import { deleteAllPrebuiltRules } from '../../utils/delete_all_prebuilt_rules';
-
-// eslint-disable-next-line import/no-default-export
-export default ({ getService }: FtrProviderContext): void => {
- const es = getService('es');
- const supertest = getService('supertest');
- const log = getService('log');
-
- describe('add_prepackaged_rules', () => {
- describe('creating prepackaged rules', () => {
- beforeEach(async () => {
- await createSignalsIndex(supertest, log);
- await createPrebuiltRuleAssetSavedObjects(es);
- });
-
- afterEach(async () => {
- await deleteSignalsIndex(supertest, log);
- await deleteAllAlerts(supertest, log);
- await deleteAllTimelines(es);
- await deleteAllPrebuiltRules(es);
- });
-
- it('should create the prepackaged rules and return a count greater than zero, rules_updated to be zero, and contain the correct keys', async () => {
- let responseBody: unknown;
- await waitFor(
- async () => {
- const { body, status } = await supertest
- .put(PREBUILT_RULES_URL)
- .set('kbn-xsrf', 'true')
- .send();
- if (status === 200) {
- responseBody = body;
- }
- return status === 200;
- },
- PREBUILT_RULES_URL,
- log
- );
-
- const prepackagedRules = responseBody as InstallPrebuiltRulesAndTimelinesResponse;
- expect(prepackagedRules.rules_installed).to.be.greaterThan(0);
- expect(prepackagedRules.rules_updated).to.eql(0);
- expect(Object.keys(prepackagedRules)).to.eql([
- 'rules_installed',
- 'rules_updated',
- 'timelines_installed',
- 'timelines_updated',
- ]);
- });
-
- it('should be possible to call the API twice and the second time the number of rules installed should be zero as well as timeline', async () => {
- await installPrePackagedRules(supertest, es, log);
-
- // NOTE: I call the GET call until eventually it becomes consistent and that the number of rules to install are zero.
- // This is to reduce flakiness where it can for a short period of time try to install the same rule twice.
- await waitFor(
- async () => {
- const { body } = await supertest
- .get(PREBUILT_RULES_STATUS_URL)
- .set('kbn-xsrf', 'true')
- .expect(200);
- return body.rules_not_installed === 0;
- },
- PREBUILT_RULES_STATUS_URL,
- log
- );
-
- let responseBody: unknown;
- await waitFor(
- async () => {
- const { body, status } = await supertest
- .put(PREBUILT_RULES_URL)
- .set('kbn-xsrf', 'true')
- .send();
- if (status === 200) {
- responseBody = body;
- }
- return status === 200;
- },
- PREBUILT_RULES_URL,
- log
- );
-
- const prepackagedRules = responseBody as InstallPrebuiltRulesAndTimelinesResponse;
- expect(prepackagedRules.rules_installed).to.eql(0);
- expect(prepackagedRules.timelines_installed).to.eql(0);
- });
- });
- });
-};
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/aliases.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/aliases.ts
index c2616d1155c40..b66a382548d9e 100644
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/aliases.ts
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/aliases.ts
@@ -11,7 +11,7 @@ import { FtrProviderContext } from '../../common/ftr_provider_context'; import { createRule, createSignalsIndex, - deleteAllAlerts, + deleteAllRules, deleteSignalsIndex, getRuleForSignalTesting, getSignalsById, @@ -44,7 +44,7 @@ export default ({ getService }: FtrProviderContext) => { afterEach(async () => { await deleteSignalsIndex(supertest, log); - await deleteAllAlerts(supertest, log); + await deleteAllRules(supertest, log); }); it('should keep the original alias value such as "host_alias" from a source index when the value is indexed', async () => { diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/check_privileges.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/check_privileges.ts index b4ae68bb8d61c..7c324036116c9 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/check_privileges.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/check_privileges.ts @@ -14,7 +14,7 @@ import { FtrProviderContext } from '../../common/ftr_provider_context'; import { createSignalsIndex, deleteSignalsIndex, - deleteAllAlerts, + deleteAllRules, waitForRuleSuccessOrStatus, getRuleForSignalTesting, createRuleWithAuth, @@ -43,11 +43,11 @@ export default ({ getService }: FtrProviderContext) => { }); beforeEach(async () => { - await deleteAllAlerts(supertest, log); + await deleteAllRules(supertest, log); }); afterEach(async () => { - await deleteAllAlerts(supertest, log); + await deleteAllRules(supertest, log); }); describe('should set status to partial failure when user has no access', () => { diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/create_new_terms.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/create_new_terms.ts index c7ac470f1c8f2..7f17d077771a7 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/create_new_terms.ts 
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/create_new_terms.ts @@ -10,7 +10,7 @@ import expect from '@kbn/expect'; import { DETECTION_ENGINE_RULES_URL } from '@kbn/security-solution-plugin/common/constants'; import { getCreateNewTermsRulesSchemaMock } from '@kbn/security-solution-plugin/common/detection_engine/rule_schema/mocks'; import { FtrProviderContext } from '../../common/ftr_provider_context'; -import { deleteAllAlerts } from '../../utils'; +import { deleteAllRules } from '../../utils'; // eslint-disable-next-line import/no-default-export export default ({ getService }: FtrProviderContext) => { @@ -22,7 +22,7 @@ export default ({ getService }: FtrProviderContext) => { */ describe('create_new_terms', () => { afterEach(async () => { - await deleteAllAlerts(supertest, log); + await deleteAllRules(supertest, log); }); it('should not be able to create a new terms rule with too small history window', async () => { diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/create_rule_exceptions.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/create_rule_exceptions.ts index 0dae06f71322c..ceb17bf6ddeab 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/create_rule_exceptions.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/create_rule_exceptions.ts @@ -22,7 +22,7 @@ import { getSimpleRule, createSignalsIndex, deleteSignalsIndex, - deleteAllAlerts, + deleteAllRules, createExceptionList, } from '../../utils'; import { @@ -57,7 +57,7 @@ export default ({ getService }: FtrProviderContext) => { after(async () => { await deleteAllExceptions(supertest, log); await deleteSignalsIndex(supertest, log); - await deleteAllAlerts(supertest, log); + await deleteAllRules(supertest, log); }); it('creates and associates a `rule_default` exception list to a rule if one not already found', async () => { 
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/create_rules.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/create_rules.ts index 6ddbe82e7d5cf..1975e8b5133e0 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/create_rules.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/create_rules.ts @@ -16,7 +16,7 @@ import { ROLES } from '@kbn/security-solution-plugin/common/test'; import { FtrProviderContext } from '../../common/ftr_provider_context'; import { createSignalsIndex, - deleteAllAlerts, + deleteAllRules, deleteSignalsIndex, getSimpleRule, getSimpleRuleOutput, @@ -58,7 +58,7 @@ export default ({ getService }: FtrProviderContext) => { afterEach(async () => { await deleteSignalsIndex(supertest, log); - await deleteAllAlerts(supertest, log); + await deleteAllRules(supertest, log); }); describe('saved query', () => { @@ -499,7 +499,7 @@ export default ({ getService }: FtrProviderContext) => { }); afterEach(async () => { await deleteSignalsIndex(supertest, log); - await deleteAllAlerts(supertest, log); + await deleteAllRules(supertest, log); await esArchiver.unload( 'x-pack/test/functional/es_archives/security_solution/timestamp_override' ); diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/create_rules_bulk.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/create_rules_bulk.ts index aa1cb11642255..cc6cdc2721091 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/create_rules_bulk.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/create_rules_bulk.ts 
@@ -16,7 +16,7 @@ import { ExceptionListTypeEnum } from '@kbn/securitysolution-io-ts-list-types'; import { FtrProviderContext } from '../../common/ftr_provider_context'; import { createSignalsIndex, - deleteAllAlerts, + deleteAllRules, deleteSignalsIndex, getRuleForSignalTesting, getSimpleRule, @@ -37,7 +37,7 @@ export default ({ getService }: FtrProviderContext): void => { describe('create_rules_bulk', () => { describe('deprecations', () => { afterEach(async () => { - await deleteAllAlerts(supertest, log); + await deleteAllRules(supertest, log); }); it('should return a warning header', async () => { @@ -68,7 +68,7 @@ export default ({ getService }: FtrProviderContext): void => { afterEach(async () => { await deleteSignalsIndex(supertest, log); - await deleteAllAlerts(supertest, log); + await deleteAllRules(supertest, log); }); it('should create a single rule with a rule_id', async () => { diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/delete_rules.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/delete_rules.ts index f138bad4b9d2c..2c39672b0956c 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/delete_rules.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/delete_rules.ts @@ -14,7 +14,7 @@ import { createLegacyRuleAction, createRule, createSignalsIndex, - deleteAllAlerts, + deleteAllRules, deleteSignalsIndex, getSimpleRule, getSimpleRuleOutput, @@ -39,7 +39,7 @@ export default ({ getService }: FtrProviderContext): void => { afterEach(async () => { await deleteSignalsIndex(supertest, log); - await deleteAllAlerts(supertest, log); + await deleteAllRules(supertest, log); }); it('should delete a single rule with a rule_id', async () => { 
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/delete_rules_bulk.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/delete_rules_bulk.ts index d05dcb690994c..8b06e70a5fd63 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/delete_rules_bulk.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/delete_rules_bulk.ts @@ -14,7 +14,7 @@ import { createLegacyRuleAction, createRule, createSignalsIndex, - deleteAllAlerts, + deleteAllRules, deleteSignalsIndex, getSimpleRule, getSimpleRuleOutput, @@ -55,7 +55,7 @@ export default ({ getService }: FtrProviderContext): void => { afterEach(async () => { await deleteSignalsIndex(supertest, log); - await deleteAllAlerts(supertest, log); + await deleteAllRules(supertest, log); }); it('should delete a single rule with a rule_id', async () => { @@ -167,7 +167,7 @@ export default ({ getService }: FtrProviderContext): void => { afterEach(async () => { await deleteSignalsIndex(supertest, log); - await deleteAllAlerts(supertest, log); + await deleteAllRules(supertest, log); }); it('should delete a single rule with a rule_id', async () => { diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/export_rules.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/export_rules.ts index 60af78ec6cff9..56ee845c734d6 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/export_rules.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/export_rules.ts @@ -13,7 +13,7 @@ import { binaryToString, createRule, createSignalsIndex, - deleteAllAlerts, + deleteAllRules, deleteSignalsIndex, getSimpleRule, getSimpleRuleOutput, 
@@ -34,7 +34,7 @@ export default ({ getService }: FtrProviderContext): void => { afterEach(async () => { await deleteSignalsIndex(supertest, log); - await deleteAllAlerts(supertest, log); + await deleteAllRules(supertest, log); }); it('should set the response content types to be expected', async () => { diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/find_rule_exception_references.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/find_rule_exception_references.ts index 6ddc5dafaafa1..a947242101ca3 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/find_rule_exception_references.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/find_rule_exception_references.ts @@ -26,7 +26,7 @@ import { getSimpleRule, createSignalsIndex, deleteSignalsIndex, - deleteAllAlerts, + deleteAllRules, createExceptionList, } from '../../utils'; import { deleteAllExceptions } from '../../../lists_api_integration/utils'; @@ -43,7 +43,7 @@ export default ({ getService }: FtrProviderContext) => { after(async () => { await deleteSignalsIndex(supertest, log); - await deleteAllAlerts(supertest, log); + await deleteAllRules(supertest, log); }); afterEach(async () => { diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/find_rules.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/find_rules.ts index f2e5e19ed182f..8c3e1fe76dac9 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/find_rules.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/find_rules.ts @@ -12,7 +12,7 @@ import { FtrProviderContext } from '../../common/ftr_provider_context'; import { createRule, createSignalsIndex, - deleteAllAlerts, + deleteAllRules, deleteSignalsIndex, getComplexRule, getComplexRuleOutput, 
@@ -34,7 +34,7 @@ export default ({ getService }: FtrProviderContext): void => { afterEach(async () => { await deleteSignalsIndex(supertest, log); - await deleteAllAlerts(supertest, log); + await deleteAllRules(supertest, log); }); it('should return an empty find body correctly if no rules are loaded', async () => { diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/fleet_integration.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/fleet_integration.ts new file mode 100644 index 0000000000000..2aaa0778ccf5e --- /dev/null +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/fleet_integration.ts 
@@ -0,0 +1,67 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import expect from 'expect';
+import { FtrProviderContext } from '../../common/ftr_provider_context';
+import {
+ deleteAllRules,
+ deleteAllTimelines,
+ getPrebuiltRulesAndTimelinesStatus,
+} from '../../utils';
+import { deleteAllPrebuiltRuleAssets } from '../../utils/prebuilt_rules/delete_all_prebuilt_rule_assets';
+import { installPrebuiltRulesFleetPackage } from '../../utils/prebuilt_rules/install_prebuilt_rules_fleet_package';
+import { installPrebuiltRulesAndTimelines } from '../../utils/prebuilt_rules/install_prebuilt_rules_and_timelines';
+import { deletePrebuiltRulesFleetPackage } from '../../utils/prebuilt_rules/delete_prebuilt_rules_fleet_package';
+
+// eslint-disable-next-line import/no-default-export
+export default ({ getService }: FtrProviderContext): void => {
+ const es = getService('es');
+ const supertest = getService('supertest');
+ const log = getService('log');
+
+ describe('install_prebuilt_rules_from_real_package', () => {
+ beforeEach(async () => {
+ await deletePrebuiltRulesFleetPackage(supertest);
+ await deleteAllRules(supertest, log);
+ await deleteAllTimelines(es);
+ await deleteAllPrebuiltRuleAssets(es);
+ });
+
+ /**
+ * Unlike other tests that use mocks, this test uses actual rules from the
+ * package storage and checks that they are installed.
+ */
+ it('should install prebuilt rules from the package storage', async () => {
+ // Verify that status is empty before package installation
+ const statusBeforePackageInstallation = await getPrebuiltRulesAndTimelinesStatus(supertest);
+ expect(statusBeforePackageInstallation.rules_installed).toBe(0);
+ expect(statusBeforePackageInstallation.rules_not_installed).toBe(0);
+ expect(statusBeforePackageInstallation.rules_not_updated).toBe(0);
+
+ await installPrebuiltRulesFleetPackage({
+ supertest,
+ overrideExistingPackage: true,
+ });
+
+ // Verify that status is updated after package installation
+ const statusAfterPackageInstallation = await getPrebuiltRulesAndTimelinesStatus(supertest);
+ expect(statusAfterPackageInstallation.rules_installed).toBe(0);
+ expect(statusAfterPackageInstallation.rules_not_installed).toBeGreaterThan(0);
+ expect(statusAfterPackageInstallation.rules_not_updated).toBe(0);
+
+ // Verify that all previously not installed rules were installed
+ const response = await installPrebuiltRulesAndTimelines(supertest);
+ expect(response.rules_installed).toBe(statusAfterPackageInstallation.rules_not_installed);
+ expect(response.rules_updated).toBe(0);
+
+ // Verify that status is updated after rules installation
+ const statusAfterRuleInstallation = await getPrebuiltRulesAndTimelinesStatus(supertest);
+ expect(statusAfterRuleInstallation.rules_installed).toBe(response.rules_installed);
+ expect(statusAfterRuleInstallation.rules_not_installed).toBe(0);
+ expect(statusAfterRuleInstallation.rules_not_updated).toBe(0);
+ });
+ });
+};
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/get_prebuilt_rules_status.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/get_prebuilt_rules_status.ts
new file mode 100644
index 0000000000000..2252c8317632a
--- /dev/null
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/get_prebuilt_rules_status.ts
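Review bot: Cleanup in this spec runs only in `beforeEach` (`deletePrebuiltRulesFleetPackage`, `deleteAllRules`, `deleteAllTimelines`, `deleteAllPrebuiltRuleAssets`), so the real package pulled in by `installPrebuiltRulesFleetPackage({ supertest, overrideExistingPackage: true })`, its rule assets and the rules installed from it are still present when the file finishes. The index.ts hunk further down loads this file last in group1, so whatever runs next inherits a live package and installed prebuilt rules unless it resets them itself; mirroring the `beforeEach` body in an `afterEach` keeps the spec self-contained. The same beforeEach-only pattern appears in get_prebuilt_rules_status.ts, get_prebuilt_timelines_status.ts and the get_rule_management_filters.ts hunk, where the previous `afterEach` with `deleteAllPrebuiltRules` is dropped. Because the package comes from real package storage rather than from mocks (presumably fetched over the network from the registry), the header comment should say so and explain why the expectations are relative, e.g. `// NOTE: installs the real prebuilt-rules package, so this spec depends on the package being retrievable; rule counts are compared to each other, never to fixed numbers.` The describe title `install_prebuilt_rules_from_real_package` also differs from the file name `fleet_integration.ts`, while the neighbouring specs title their describe after the file.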
@@ -0,0 +1,189 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import expect from 'expect';
+import { FtrProviderContext } from '../../common/ftr_provider_context';
+import {
+ createRule,
+ deleteAllRules,
+ getPrebuiltRulesAndTimelinesStatus,
+ getSimpleRule,
+ installPrebuiltRulesAndTimelines,
+} from '../../utils';
+import {
+ createHistoricalPrebuiltRuleAssetSavedObjects,
+ createPrebuiltRuleAssetSavedObjects,
+ createRuleAssetSavedObject,
+} from '../../utils/prebuilt_rules/create_prebuilt_rule_saved_objects';
+import { deleteAllPrebuiltRuleAssets } from '../../utils/prebuilt_rules/delete_all_prebuilt_rule_assets';
+
+// eslint-disable-next-line import/no-default-export
+export default ({ getService }: FtrProviderContext): void => {
+ const supertest = getService('supertest');
+ const es = getService('es');
+ const log = getService('log');
+
+ describe('get_prebuilt_rules_status', () => {
+ beforeEach(async () => {
+ await deleteAllPrebuiltRuleAssets(es);
+ await deleteAllRules(supertest, log);
+ });
+
+ it('should return empty structure when no rules package installed', async () => {
+ const body = await getPrebuiltRulesAndTimelinesStatus(supertest);
+
+ expect(body).toMatchObject({
+ rules_custom_installed: 0,
+ rules_installed: 0,
+ rules_not_installed: 0,
+ rules_not_updated: 0,
+ });
+ });
+
+ it('should show that one custom rule is installed when a custom rule is added', async () => {
+ await createRule(supertest, log, getSimpleRule());
+
+ const body = await getPrebuiltRulesAndTimelinesStatus(supertest);
+ expect(body).toMatchObject({
+ rules_custom_installed: 1,
+ rules_installed: 0,
+ rules_not_installed: 0,
+ rules_not_updated: 0,
+ });
+ });
+
+ describe(`rule package without historical versions`, () => {
+ const getRuleAssetSavedObjects = () => [
+ createRuleAssetSavedObject({ rule_id: 'rule-1', version: 1 }),
+ createRuleAssetSavedObject({ rule_id: 'rule-2', version: 2 }),
+ createRuleAssetSavedObject({ rule_id: 'rule-3', version: 3 }),
+ createRuleAssetSavedObject({ rule_id: 'rule-4', version: 4 }),
+ ];
+ const RULES_COUNT = 4;
+
+ it('should return the number of rules available to install', async () => {
+ await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
+ const body = await getPrebuiltRulesAndTimelinesStatus(supertest);
+
+ expect(body).toMatchObject({
+ rules_custom_installed: 0,
+ rules_installed: 0,
+ rules_not_installed: RULES_COUNT,
+ rules_not_updated: 0,
+ });
+ });
+
+ it('should return the number of installed prebuilt rules after installing them', async () => {
+ await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
+ await installPrebuiltRulesAndTimelines(supertest);
+
+ const body = await getPrebuiltRulesAndTimelinesStatus(supertest);
+ expect(body).toMatchObject({
+ rules_custom_installed: 0,
+ rules_installed: RULES_COUNT,
+ rules_not_installed: 0,
+ rules_not_updated: 0,
+ });
+ });
+
+ it('should return available rule updates', async () => {
+ const ruleAssetSavedObjects = getRuleAssetSavedObjects();
+ await createPrebuiltRuleAssetSavedObjects(es, ruleAssetSavedObjects);
+ await installPrebuiltRulesAndTimelines(supertest);
+
+ // Clear previous rule assets
+ await deleteAllPrebuiltRuleAssets(es);
+ // Increment the version of one of the installed rules and create the new rule assets
+ ruleAssetSavedObjects[0]['security-rule'].version += 1;
+ await createPrebuiltRuleAssetSavedObjects(es, ruleAssetSavedObjects);
+
+ const body = await getPrebuiltRulesAndTimelinesStatus(supertest);
+ expect(body).toMatchObject({
+ rules_custom_installed: 0,
+ rules_installed: RULES_COUNT,
+ rules_not_installed: 0,
+ rules_not_updated: 1,
+ });
+ });
+ });
+
+ describe(`rule package with historical versions`, () => {
+ const getRuleAssetSavedObjects = () => [
+ createRuleAssetSavedObject({ rule_id: 'rule-1', version: 1 }),
+ createRuleAssetSavedObject({ rule_id: 'rule-1', version: 2 }),
+ createRuleAssetSavedObject({ rule_id: 'rule-2', version: 1 }),
+ createRuleAssetSavedObject({ rule_id: 'rule-2', version: 2 }),
+ createRuleAssetSavedObject({ rule_id: 'rule-2', version: 3 }),
+ ];
+ const RULES_COUNT = 2;
+
+ it('should return the number of rules available to install', async () => {
+ await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
+ const body = await getPrebuiltRulesAndTimelinesStatus(supertest);
+
+ expect(body).toMatchObject({
+ rules_custom_installed: 0,
+ rules_installed: 0,
+ rules_not_installed: RULES_COUNT,
+ rules_not_updated: 0,
+ });
+ });
+
+ it('should return the number of installed prebuilt rules after installing them', async () => {
+ await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
+ await installPrebuiltRulesAndTimelines(supertest);
+
+ const body = await getPrebuiltRulesAndTimelinesStatus(supertest);
+ expect(body).toMatchObject({
+ rules_custom_installed: 0,
+ rules_installed: RULES_COUNT,
+ rules_not_installed: 0,
+ rules_not_updated: 0,
+ });
+ });
+
+ it('should return available rule updates when previous historical versions available)', async () => {
+ await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
+ await installPrebuiltRulesAndTimelines(supertest);
+
+ // Add a new version of one of the installed rules
+ await createHistoricalPrebuiltRuleAssetSavedObjects(es, [
+ createRuleAssetSavedObject({ rule_id: 'rule-1', version: 3 }),
+ ]);
+
+ const body = await getPrebuiltRulesAndTimelinesStatus(supertest);
+ expect(body).toMatchObject({
+ rules_custom_installed: 0,
+ rules_installed: RULES_COUNT,
+ rules_not_installed: 0,
+ rules_not_updated: 1,
+ });
+ });
+
+ it('should return available rule updates when previous historical versions unavailable', async () => {
+ await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
+ await installPrebuiltRulesAndTimelines(supertest);
+
+ // Delete the previous versions of rule assets
+ await deleteAllPrebuiltRuleAssets(es);
+
+ // Add a new rule version
+ await createHistoricalPrebuiltRuleAssetSavedObjects(es, [
+ createRuleAssetSavedObject({ rule_id: 'rule-1', version: 3 }),
+ ]);
+
+ const body = await getPrebuiltRulesAndTimelinesStatus(supertest);
+ expect(body).toMatchObject({
+ rules_custom_installed: 0,
+ rules_installed: RULES_COUNT,
+ rules_not_installed: 0,
+ rules_not_updated: 1,
+ });
+ });
+ });
+ });
+};
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/get_prebuilt_timelines_status.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/get_prebuilt_timelines_status.ts
new file mode 100644
index 0000000000000..04275afe20dc9
--- /dev/null
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/get_prebuilt_timelines_status.ts
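Review bot: The deleted get_prepackaged_rules_status.ts pinned the exact key set of the status response with `expect(Object.keys(body)).to.eql([...])`, whereas every check in this file uses `toMatchObject`, which ignores keys that are not listed, so a renamed or newly added response field is no longer caught anywhere in this suite. One exact-shape assertion in the 'should return empty structure' test would restore that coverage, e.g. `expect(Object.keys(body).sort()).toEqual(['rules_custom_installed', 'rules_installed', 'rules_not_installed', 'rules_not_updated', 'timelines_installed', 'timelines_not_installed', 'timelines_not_updated']);`. The title of the third test in the historical-versions block carries a stray closing parenthesis: `'...when previous historical versions available)'`. Also, `ruleAssetSavedObjects[0]['security-rule'].version += 1` mutates an object returned by the factory, which is safe only because `getRuleAssetSavedObjects()` builds fresh objects on every call; a one-line comment there, `// safe to mutate: the factory returns fresh objects on each call`, would stop someone from hoisting the call into a shared constant later.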
@@ -0,0 +1,50 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import expect from 'expect';
+import { FtrProviderContext } from '../../common/ftr_provider_context';
+import {
+ deleteAllTimelines,
+ getPrebuiltRulesAndTimelinesStatus,
+ installPrebuiltRulesAndTimelines,
+} from '../../utils';
+
+// eslint-disable-next-line import/no-default-export
+export default ({ getService }: FtrProviderContext): void => {
+ const supertest = getService('supertest');
+ const es = getService('es');
+
+ describe('get_prebuilt_timelines_status', () => {
+ beforeEach(async () => {
+ await deleteAllTimelines(es);
+ });
+
+ it('should return the number of timeline templates available to install', async () => {
+ const body = await getPrebuiltRulesAndTimelinesStatus(supertest);
+
+ expect(body).toMatchObject({
+ timelines_installed: 0,
+ timelines_not_installed: expect.any(Number),
+ timelines_not_updated: 0,
+ });
+ expect(body.timelines_not_installed).toBeGreaterThan(0);
+ });
+
+ it('should return the number of installed timeline templates after installing them', async () => {
+ await installPrebuiltRulesAndTimelines(supertest);
+
+ const body = await getPrebuiltRulesAndTimelinesStatus(supertest);
+ expect(body).toMatchObject({
+ timelines_installed: expect.any(Number),
+ timelines_not_installed: 0,
+ timelines_not_updated: 0,
+ });
+
+ expect(body.timelines_installed).toBeGreaterThan(0);
+ });
+ });
+};
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/get_prepackaged_rules_status.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/get_prepackaged_rules_status.ts
deleted file mode 100644
index 244d8d677ae14..0000000000000
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/get_prepackaged_rules_status.ts
+++ /dev/null
@@ -1,136 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import expect from '@kbn/expect';
-
-import { DETECTION_ENGINE_RULES_URL } from '@kbn/security-solution-plugin/common/constants';
-import {
- PREBUILT_RULES_STATUS_URL,
- PREBUILT_RULES_URL,
-} from '@kbn/security-solution-plugin/common/detection_engine/prebuilt_rules';
-
-import { FtrProviderContext } from '../../common/ftr_provider_context';
-import {
- createSignalsIndex,
- deleteAllAlerts,
- deleteSignalsIndex,
- getSimpleRule,
- deleteAllTimelines,
-} from '../../utils';
-import { createPrebuiltRuleAssetSavedObjects } from '../../utils/create_prebuilt_rule_saved_objects';
-import { deleteAllPrebuiltRules } from '../../utils/delete_all_prebuilt_rules';
-
-// eslint-disable-next-line import/no-default-export
-export default ({ getService }: FtrProviderContext): void => {
- const supertest = getService('supertest');
- const es = getService('es');
- const log = getService('log');
-
- describe('get_prepackaged_rules_status', () => {
- describe('getting prepackaged rules status', () => {
- beforeEach(async () => {
- await createSignalsIndex(supertest, log);
- await createPrebuiltRuleAssetSavedObjects(es);
- });
-
- afterEach(async () => {
- await deleteSignalsIndex(supertest, log);
- await deleteAllAlerts(supertest, log);
- await deleteAllTimelines(es);
- await deleteAllPrebuiltRules(es);
- });
-
- it('should return expected JSON keys of the pre-packaged rules and pre-packaged timelines status', async () => {
- const { body } = await supertest
- .get(PREBUILT_RULES_STATUS_URL)
- .set('kbn-xsrf', 'true')
- .send()
- .expect(200);
-
- expect(Object.keys(body)).to.eql([
- 'rules_custom_installed',
- 'rules_installed',
- 'rules_not_installed',
- 'rules_not_updated',
- 'timelines_installed',
- 'timelines_not_installed',
- 'timelines_not_updated',
- ]);
- });
-
- it('should return that rules_not_installed are greater than zero', async () => {
- const { body } = await supertest
- .get(PREBUILT_RULES_STATUS_URL)
- .set('kbn-xsrf', 'true')
- .send()
- .expect(200);
- expect(body.rules_not_installed).to.be.greaterThan(0);
- });
-
- it('should return that timelines_not_installed are greater than zero', async () => {
- const { body } = await supertest
- .get(PREBUILT_RULES_STATUS_URL)
- .set('kbn-xsrf', 'true')
- .send()
- .expect(200);
- expect(body.timelines_not_installed).to.be.greaterThan(0);
- });
-
- it('should return that rules_custom_installed, rules_installed, and rules_not_updated are zero', async () => {
- const { body } = await supertest
- .get(PREBUILT_RULES_STATUS_URL)
- .set('kbn-xsrf', 'true')
- .send()
- .expect(200);
- expect(body.rules_custom_installed).to.eql(0);
- expect(body.rules_installed).to.eql(0);
- expect(body.rules_not_updated).to.eql(0);
- });
-
- it('should return that timelines_installed, and timelines_not_updated are zero', async () => {
- const { body } = await supertest
- .get(PREBUILT_RULES_STATUS_URL)
- .set('kbn-xsrf', 'true')
- .send()
- .expect(200);
- expect(body.timelines_installed).to.eql(0);
- expect(body.timelines_not_updated).to.eql(0);
- });
-
- it('should show that one custom rule is installed when a custom rule is added', async () => {
- await supertest
- .post(DETECTION_ENGINE_RULES_URL)
- .set('kbn-xsrf', 'true')
- .send(getSimpleRule())
- .expect(200);
-
- const { body } = await supertest
- .get(PREBUILT_RULES_STATUS_URL)
- .set('kbn-xsrf', 'true')
- .send()
- .expect(200);
- expect(body.rules_custom_installed).to.eql(1);
- expect(body.rules_installed).to.eql(0);
- expect(body.rules_not_updated).to.eql(0);
- expect(body.timelines_installed).to.eql(0);
- expect(body.timelines_not_updated).to.eql(0);
- });
-
- it('should show rules and timelines are installed when adding pre-packaged rules', async () => {
- await supertest.put(PREBUILT_RULES_URL).set('kbn-xsrf', 'true').send().expect(200);
-
- const { body } = await supertest
- .get(PREBUILT_RULES_STATUS_URL)
- .set('kbn-xsrf', 'true')
- .send()
- .expect(200);
- expect(body.rules_installed).to.be.greaterThan(0);
- expect(body.timelines_installed).to.be.greaterThan(0);
- });
- });
- });
-};
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/get_rule_management_filters.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/get_rule_management_filters.ts
index 9d95505e3db65..e8e86851fb53c 100644
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/get_rule_management_filters.ts
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/get_rule_management_filters.ts
@@ -9,11 +9,9 @@ import expect from '@kbn/expect'; import { DETECTION_ENGINE_RULES_URL } from '@kbn/security-solution-plugin/common/constants'; import { RULE_MANAGEMENT_FILTERS_URL } from '@kbn/security-solution-plugin/common/detection_engine/rule_management/api/urls'; -import { PREBUILT_RULES_URL } from '@kbn/security-solution-plugin/common/detection_engine/prebuilt_rules'; import { FtrProviderContext } from '../../common/ftr_provider_context'; -import { deleteAllAlerts, getSimpleRule } from '../../utils'; -import { createPrebuiltRuleAssetSavedObjects } from '../../utils/create_prebuilt_rule_saved_objects'; -import { deleteAllPrebuiltRules } from '../../utils/delete_all_prebuilt_rules'; +import { deleteAllRules, getSimpleRule, installMockPrebuiltRules } from '../../utils'; +import { deleteAllPrebuiltRuleAssets } from '../../utils/prebuilt_rules/delete_all_prebuilt_rule_assets'; // eslint-disable-next-line import/no-default-export export default ({ getService }: FtrProviderContext): void => {
@@ -23,7 +21,7 @@ export default ({ getService }: FtrProviderContext): void => { describe('get_rule_management_filters', () => { beforeEach(async () => { - await deleteAllAlerts(supertest, log); + await deleteAllRules(supertest, log); }); it('should return the correct result when there are no rules', async () => { @@ -80,12 +78,8 @@ export default ({ getService }: FtrProviderContext): void => { describe('when there are installed prebuilt rules', () => { beforeEach(async () => { - await createPrebuiltRuleAssetSavedObjects(es); - await supertest.put(PREBUILT_RULES_URL).set('kbn-xsrf', 'true').send().expect(200); - }); - - afterEach(async () => { - await deleteAllPrebuiltRules(es); + await deleteAllPrebuiltRuleAssets(es); + await installMockPrebuiltRules(supertest, es); }); it('should return the correct number of installed prepacked rules after pre-packaged rules have been installed', async () => { diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/index.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/index.ts index 24e0d5389a018..4bf702f4d2a75 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/index.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/index.ts @@ -17,7 +17,6 @@ export default ({ loadTestFile }: FtrProviderContext): void => { loadTestFile(require.resolve('./aliases')); loadTestFile(require.resolve('./add_actions')); loadTestFile(require.resolve('./update_actions')); - loadTestFile(require.resolve('./add_prepackaged_rules')); loadTestFile(require.resolve('./check_privileges')); loadTestFile(require.resolve('./create_index')); loadTestFile(require.resolve('./create_rules')); 
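Review bot: The `afterEach` that called `deleteAllPrebuiltRules(es)` is dropped, and the replacement `beforeEach` only clears assets before `installMockPrebuiltRules`, so the mock prebuilt rule assets stay in the cluster after this describe block finishes. Whether a later file in this group reads prebuilt rule status against a clean asset set I cannot tell from the diff, but leftover fixtures are the usual source of order-dependent failures, and the installed rules themselves are only removed by the outer `deleteAllRules` on the next test. A symmetric `afterEach(async () => { await deleteAllPrebuiltRuleAssets(es); });` keeps the isolation the removed hook provided. The enclosing describe continues past the hunk.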
@@ -30,7 +29,10 @@ export default ({ loadTestFile }: FtrProviderContext): void => {
 loadTestFile(require.resolve('./export_rules'));
 loadTestFile(require.resolve('./find_rules'));
 loadTestFile(require.resolve('./find_rule_exception_references'));
- loadTestFile(require.resolve('./get_prepackaged_rules_status'));
+ loadTestFile(require.resolve('./get_prebuilt_rules_status'));
+ loadTestFile(require.resolve('./get_prebuilt_timelines_status'));
+ loadTestFile(require.resolve('./install_prebuilt_rules'));
 loadTestFile(require.resolve('./get_rule_management_filters'));
+ loadTestFile(require.resolve('./fleet_integration'));
 });
 };
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/install_prebuilt_rules.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/install_prebuilt_rules.ts
new file mode 100644
index 0000000000000..dc96909ac6bc9
--- /dev/null
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/install_prebuilt_rules.ts
@@ -0,0 +1,250 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import expect from 'expect';
+import { DETECTION_ENGINE_RULES_URL_FIND } from '@kbn/security-solution-plugin/common/constants';
+import { FtrProviderContext } from '../../common/ftr_provider_context';
+import {
+ deleteAllRules,
+ deleteAllTimelines,
+ deleteRule,
+ getPrebuiltRulesAndTimelinesStatus,
+} from '../../utils';
+import {
+ createHistoricalPrebuiltRuleAssetSavedObjects,
+ createPrebuiltRuleAssetSavedObjects,
+ createRuleAssetSavedObject,
+} from '../../utils/prebuilt_rules/create_prebuilt_rule_saved_objects';
+import { deleteAllPrebuiltRuleAssets } from '../../utils/prebuilt_rules/delete_all_prebuilt_rule_assets';
+import { installPrebuiltRulesAndTimelines } from '../../utils/prebuilt_rules/install_prebuilt_rules_and_timelines';
+
+// eslint-disable-next-line import/no-default-export
+export default ({ getService }: FtrProviderContext): void => {
+ const es = getService('es');
+ const supertest = getService('supertest');
+ const log = getService('log');
+
+ describe('install_prebuilt_rules_from_mock_assets', () => {
+ beforeEach(async () => {
+ await deleteAllRules(supertest, log);
+ await deleteAllTimelines(es);
+ await deleteAllPrebuiltRuleAssets(es);
+ });
+
+ describe(`rule package without historical versions`, () => {
+ const getRuleAssetSavedObjects = () => [
+ createRuleAssetSavedObject({ rule_id: 'rule-1', version: 1 }),
+ createRuleAssetSavedObject({ rule_id: 'rule-2', version: 2 }),
+ createRuleAssetSavedObject({ rule_id: 'rule-3', version: 3 }),
+ createRuleAssetSavedObject({ rule_id: 'rule-4', version: 4 }),
+ ];
+ const RULES_COUNT = 4;
+
+ it('should install prebuilt rules', async () => {
+ await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
+ const body = await installPrebuiltRulesAndTimelines(supertest);
+
+ expect(body.rules_installed).toBe(RULES_COUNT);
+ expect(body.rules_updated).toBe(0);
+ });
+
+ it('should install correct prebuilt rule versions', async () => {
+ await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
+ await installPrebuiltRulesAndTimelines(supertest);
+
+ // Get installed rules
+ const { body: rulesResponse } = await supertest
+ .get(DETECTION_ENGINE_RULES_URL_FIND)
+ .set('kbn-xsrf', 'true')
+ .send()
+ .expect(200);
+
+ // Check that all prebuilt rules were actually installed and their versions match the latest
+ expect(rulesResponse.total).toBe(RULES_COUNT);
+ expect(rulesResponse.data).toEqual(
+ expect.arrayContaining([
+ expect.objectContaining({ rule_id: 'rule-1', version: 1 }),
+ expect.objectContaining({ rule_id: 'rule-2', version: 2 }),
+ expect.objectContaining({ rule_id: 'rule-3', version: 3 }),
+ expect.objectContaining({ rule_id: 'rule-4', version: 4 }),
+ ])
+ );
+ });
+
+ it('should not install prebuilt rules if they are up to date', async () => {
+ // Install all prebuilt detection rules
+ await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
+ await installPrebuiltRulesAndTimelines(supertest);
+
+ // Check that all prebuilt rules were installed
+ const statusResponse = await getPrebuiltRulesAndTimelinesStatus(supertest);
+ expect(statusResponse.rules_not_installed).toBe(0);
+
+ // Call the install prebuilt rules again and check that no rules were installed
+ const response = await installPrebuiltRulesAndTimelines(supertest);
+ expect(response.rules_installed).toBe(0);
+ expect(response.rules_updated).toBe(0);
+ });
+
+ it('should install missing prebuilt rules', async () => {
+ // Install all prebuilt detection rules
+ await createPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
+ await installPrebuiltRulesAndTimelines(supertest);
+
+ // Delete one of the installed rules
+ await deleteRule(supertest, 
'rule-1');
+
+ // Check that one prebuilt rule is missing
+ const statusResponse = await getPrebuiltRulesAndTimelinesStatus(supertest);
+ expect(statusResponse.rules_not_installed).toBe(1);
+
+ // Call the install prebuilt rules again and check that the missing rule was installed
+ const response = await installPrebuiltRulesAndTimelines(supertest);
+ expect(response.rules_installed).toBe(1);
+ expect(response.rules_updated).toBe(0);
+ });
+
+ it('should update outdated prebuilt rules', async () => {
+ // Install all prebuilt detection rules
+ const ruleAssetSavedObjects = getRuleAssetSavedObjects();
+ await createPrebuiltRuleAssetSavedObjects(es, ruleAssetSavedObjects);
+ await installPrebuiltRulesAndTimelines(supertest);
+
+ // Clear previous rule assets
+ await deleteAllPrebuiltRuleAssets(es);
+ // Increment the version of one of the installed rules and create the new rule assets
+ ruleAssetSavedObjects[0]['security-rule'].version += 1;
+ await createPrebuiltRuleAssetSavedObjects(es, ruleAssetSavedObjects);
+
+ // Check that one prebuilt rule status shows that one rule is outdated
+ const statusResponse = await getPrebuiltRulesAndTimelinesStatus(supertest);
+ expect(statusResponse.rules_not_updated).toBe(1);
+
+ // Call the install prebuilt rules again and check that the outdated rule was updated
+ const response = await installPrebuiltRulesAndTimelines(supertest);
+ expect(response.rules_installed).toBe(0);
+ expect(response.rules_updated).toBe(1);
+ });
+ });
+
+ describe(`rule package with historical versions`, () => {
+ const getRuleAssetSavedObjects = () => [
+ createRuleAssetSavedObject({ rule_id: 'rule-1', version: 1 }),
+ createRuleAssetSavedObject({ rule_id: 'rule-1', version: 2 }),
+ createRuleAssetSavedObject({ rule_id: 'rule-2', version: 1 }),
+ createRuleAssetSavedObject({ rule_id: 'rule-2', version: 2 }),
+ createRuleAssetSavedObject({ rule_id: 'rule-2', version: 3 }),
+ ];
+ const RULES_COUNT = 2;
+
+ it('should install prebuilt rules', async () => 
{
+ await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
+ const body = await installPrebuiltRulesAndTimelines(supertest);
+
+ expect(body.rules_installed).toBe(RULES_COUNT);
+ expect(body.rules_updated).toBe(0);
+ });
+
+ it('should install correct prebuilt rule versions', async () => {
+ await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
+ await installPrebuiltRulesAndTimelines(supertest);
+
+ // Get installed rules
+ const { body: rulesResponse } = await supertest
+ .get(DETECTION_ENGINE_RULES_URL_FIND)
+ .set('kbn-xsrf', 'true')
+ .send()
+ .expect(200);
+
+ // Check that all prebuilt rules were actually installed and their versions match the latest
+ expect(rulesResponse.total).toBe(RULES_COUNT);
+ expect(rulesResponse.data).toEqual(
+ expect.arrayContaining([
+ expect.objectContaining({ rule_id: 'rule-1', version: 2 }),
+ expect.objectContaining({ rule_id: 'rule-2', version: 3 }),
+ ])
+ );
+ });
+
+ it('should not install prebuilt rules if they are up to date', async () => {
+ // Install all prebuilt detection rules
+ await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
+ await installPrebuiltRulesAndTimelines(supertest);
+
+ // Check that all prebuilt rules were installed
+ const statusResponse = await getPrebuiltRulesAndTimelinesStatus(supertest);
+ expect(statusResponse.rules_not_installed).toBe(0);
+
+ // Call the install prebuilt rules again and check that no rules were installed
+ const response = await installPrebuiltRulesAndTimelines(supertest);
+ expect(response.rules_installed).toBe(0);
+ expect(response.rules_updated).toBe(0);
+ });
+
+ it('should install missing prebuilt rules', async () => {
+ // Install all prebuilt detection rules
+ await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
+ await installPrebuiltRulesAndTimelines(supertest);
+
+ // Delete one of the installed rules
+ await deleteRule(supertest, 
'rule-1');
+
+ // Check that one prebuilt rule is missing
+ const statusResponse = await getPrebuiltRulesAndTimelinesStatus(supertest);
+ expect(statusResponse.rules_not_installed).toBe(1);
+
+ // Call the install prebuilt rules again and check that the missing rule was installed
+ const response = await installPrebuiltRulesAndTimelines(supertest);
+ expect(response.rules_installed).toBe(1);
+ expect(response.rules_updated).toBe(0);
+ });
+
+ it('should update outdated prebuilt rules when previous historical versions available', async () => {
+ // Install all prebuilt detection rules
+ await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
+ await installPrebuiltRulesAndTimelines(supertest);
+
+ // Add a new version of one of the installed rules
+ await createHistoricalPrebuiltRuleAssetSavedObjects(es, [
+ createRuleAssetSavedObject({ rule_id: 'rule-1', version: 3 }),
+ ]);
+
+ // Check that one prebuilt rule status shows that one rule is outdated
+ const statusResponse = await getPrebuiltRulesAndTimelinesStatus(supertest);
+ expect(statusResponse.rules_not_updated).toBe(1);
+
+ // Call the install prebuilt rules again and check that the outdated rule was updated
+ const response = await installPrebuiltRulesAndTimelines(supertest);
+ expect(response.rules_installed).toBe(0);
+ expect(response.rules_updated).toBe(1);
+ });
+
+ it('should update outdated prebuilt rules when previous historical versions unavailable', async () => {
+ // Install all prebuilt detection rules
+ await createHistoricalPrebuiltRuleAssetSavedObjects(es, getRuleAssetSavedObjects());
+ await installPrebuiltRulesAndTimelines(supertest);
+
+ // Clear previous rule assets
+ await deleteAllPrebuiltRuleAssets(es);
+
+ // Add a new rule version
+ await createHistoricalPrebuiltRuleAssetSavedObjects(es, [
+ createRuleAssetSavedObject({ rule_id: 'rule-1', version: 3 }),
+ ]);
+
+ // Check that one prebuilt rule status shows that one rule is outdated
+ const statusResponse = 
await getPrebuiltRulesAndTimelinesStatus(supertest); + expect(statusResponse.rules_not_updated).toBe(1); + + // Call the install prebuilt rules again and check that the outdated rule was updated + const response = await installPrebuiltRulesAndTimelines(supertest); + expect(response.rules_installed).toBe(0); + expect(response.rules_updated).toBe(1); + }); + }); + }); +}; diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/preview_rules.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/preview_rules.ts index b38545e9c03c9..5c301030d5abe 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/preview_rules.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/preview_rules.ts @@ -10,7 +10,7 @@ import expect from '@kbn/expect'; import { DETECTION_ENGINE_RULES_PREVIEW } from '@kbn/security-solution-plugin/common/constants'; import { ROLES } from '@kbn/security-solution-plugin/common/test'; import { FtrProviderContext } from '../../common/ftr_provider_context'; -import { deleteAllAlerts, getSimplePreviewRule, getSimpleRulePreviewOutput } from '../../utils'; +import { deleteAllRules, getSimplePreviewRule, getSimpleRulePreviewOutput } from '../../utils'; import { createUserAndRole, deleteUserAndRole } from '../../../common/services/security_solution'; // eslint-disable-next-line import/no-default-export @@ -31,7 +31,7 @@ export default ({ getService }: FtrProviderContext) => { }); afterEach(async () => { - await deleteAllAlerts(supertest, log); + await deleteAllRules(supertest, log); }); describe('elastic admin preview', () => { diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/update_actions.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/update_actions.ts index 4897805e09eb2..e962ee6995d65 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/update_actions.ts 
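Review bot: The two `should install correct prebuilt rule versions` cases match installed rules only on `rule_id` and `version`, so a rule that came back without the `immutable` flag would still pass; that flag is what other tests touched by this change rely on (`findImmutableRuleById`, the `alert.attributes.params.immutable: true` filter) and what keeps prebuilt rule content from being rewritten through the rules API. Extending each matcher, e.g. `expect.objectContaining({ rule_id: 'rule-1', version: 1, immutable: true }),`, pins that property at install time rather than leaving it to later suites. The file also has no case where the only available asset carries a lower version than the installed rule (a package rollback); asserting `rules_not_updated` is 0 and a second install reports `rules_updated` 0 there would document whether downgrades are refused, which I cannot tell from the visible helpers.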
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group1/update_actions.ts @@ -12,7 +12,7 @@ import { RuleCreateProps } from '@kbn/security-solution-plugin/common/detection_ import { FtrProviderContext } from '../../common/ftr_provider_context'; import { createSignalsIndex, - deleteAllAlerts, + deleteAllRules, deleteSignalsIndex, removeServerGeneratedProperties, getRuleWithWebHookAction, @@ -21,15 +21,15 @@ import { createRule, getSimpleRule, updateRule, - installPrePackagedRules, + installMockPrebuiltRules, getRule, createNewAction, findImmutableRuleById, - getPrePackagedRulesStatus, + getPrebuiltRulesAndTimelinesStatus, getSimpleRuleOutput, ruleToUpdateSchema, } from '../../utils'; -import { ELASTIC_SECURITY_RULE_ID } from '../../utils/create_prebuilt_rule_saved_objects'; +import { ELASTIC_SECURITY_RULE_ID } from '../../utils/prebuilt_rules/create_prebuilt_rule_saved_objects'; // eslint-disable-next-line import/no-default-export export default ({ getService }: FtrProviderContext) => { @@ -39,7 +39,7 @@ export default ({ getService }: FtrProviderContext) => { const log = getService('log'); const getImmutableRule = async () => { - await installPrePackagedRules(supertest, es, log); + await installMockPrebuiltRules(supertest, es); return getRule(supertest, log, ELASTIC_SECURITY_RULE_ID); }; @@ -59,7 +59,7 @@ export default ({ getService }: FtrProviderContext) => { afterEach(async () => { await deleteSignalsIndex(supertest, log); - await deleteAllAlerts(supertest, log); + await deleteAllRules(supertest, log); }); it('should be able to create a new webhook action and update a rule with the webhook action', async () => { @@ -163,7 +163,7 @@ export default ({ getService }: FtrProviderContext) => { ); await updateRule(supertest, log, ruleToUpdate); - const status = await getPrePackagedRulesStatus(supertest, log); + const status = await getPrebuiltRulesAndTimelinesStatus(supertest); expect(status.rules_not_installed).to.eql(0); }); 
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/get_rule_execution_results.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/get_rule_execution_results.ts index 96f710ad32e9f..df2d521145234 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/get_rule_execution_results.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/get_rule_execution_results.ts @@ -20,7 +20,7 @@ import { FtrProviderContext } from '../../common/ftr_provider_context'; import { createRule, createSignalsIndex, - deleteAllAlerts, + deleteAllRules, deleteAllEventLogExecutionEvents, deleteSignalsIndex, getRuleForSignalTesting, @@ -55,7 +55,7 @@ export default ({ getService }: FtrProviderContext) => { }); beforeEach(async () => { - await deleteAllAlerts(supertest, log); + await deleteAllRules(supertest, log); await deleteAllEventLogExecutionEvents(es, log); }); diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/ignore_fields.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/ignore_fields.ts index d7528fbf6e8f5..56d731896e3b1 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/ignore_fields.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/ignore_fields.ts @@ -11,7 +11,7 @@ import { FtrProviderContext } from '../../../common/ftr_provider_context'; import { createRule, createSignalsIndex, - deleteAllAlerts, + deleteAllRules, deleteSignalsIndex, getEqlRuleForSignalTesting, getSignalsById, @@ -66,7 +66,7 @@ export default ({ getService }: FtrProviderContext): void => { afterEach(async () => { await deleteSignalsIndex(supertest, log); - await deleteAllAlerts(supertest, log); + await deleteAllRules(supertest, log); }); it('should ignore the field of "testing_ignored"', async () => { 
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/import_export_rules.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/import_export_rules.ts index b2dffead914b8..c597921d8270f 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/import_export_rules.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/import_export_rules.ts @@ -17,7 +17,7 @@ import { binaryToString, createRule, createSignalsIndex, - deleteAllAlerts, + deleteAllRules, deleteSignalsIndex, getSimpleRule, } from '../../utils'; @@ -43,7 +43,7 @@ export default ({ getService }: FtrProviderContext): void => { await deleteUserAndRole(getService, ROLES.soc_manager); await deleteAllExceptions(supertest, log); await deleteSignalsIndex(supertest, log); - await deleteAllAlerts(supertest, log); + await deleteAllRules(supertest, log); }); it('should be able to reimport a rule referencing an exception list with existing comments', async () => { diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/import_rules.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/import_rules.ts index 169fe074604fa..41b49ac35bfc6 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/import_rules.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/import_rules.ts @@ -20,7 +20,7 @@ import { ROLES } from '@kbn/security-solution-plugin/common/test'; import { FtrProviderContext } from '../../common/ftr_provider_context'; import { createSignalsIndex, - deleteAllAlerts, + deleteAllRules, deleteSignalsIndex, getSimpleRule, getSimpleRuleAsNdjson, 
@@ -117,7 +117,7 @@ export default ({ getService }: FtrProviderContext): void => { afterEach(async () => { await deleteSignalsIndex(supertest, log); - await deleteAllAlerts(supertest, log); + await deleteAllRules(supertest, log); }); it('should successfully import rules without actions when user has no actions privileges', async () => { const { body } = await supertestWithoutAuth @@ -404,7 +404,7 @@ export default ({ getService }: FtrProviderContext): void => { afterEach(async () => { await deleteSignalsIndex(supertest, log); - await deleteAllAlerts(supertest, log); + await deleteAllRules(supertest, log); }); it('should set the response content types to be expected', async () => { diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/open_close_signals.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/open_close_signals.ts index 0b7491e00b430..8137d403b8e00 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/open_close_signals.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/open_close_signals.ts @@ -22,7 +22,7 @@ import { setSignalStatus, getSignalStatusEmptyResponse, getQuerySignalIds, - deleteAllAlerts, + deleteAllRules, createRule, waitForSignalsToBePresent, getSignalsByIds, @@ -79,13 +79,13 @@ export default ({ getService }: FtrProviderContext) => { }); beforeEach(async () => { - await deleteAllAlerts(supertest, log); + await deleteAllRules(supertest, log); await createSignalsIndex(supertest, log); }); afterEach(async () => { await deleteSignalsIndex(supertest, log); - await deleteAllAlerts(supertest, log); + await deleteAllRules(supertest, log); }); it('should be able to execute and get 10 signals', async () => { 
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/patch_rules.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/patch_rules.ts index 2ec13365eb1d1..44158f34e8e7c 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/patch_rules.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/patch_rules.ts @@ -12,7 +12,7 @@ import { ExceptionListTypeEnum } from '@kbn/securitysolution-io-ts-list-types'; import { FtrProviderContext } from '../../common/ftr_provider_context'; import { createSignalsIndex, - deleteAllAlerts, + deleteAllRules, deleteSignalsIndex, getSimpleRule, getSimpleRuleOutput, @@ -38,7 +38,7 @@ export default ({ getService }: FtrProviderContext) => { afterEach(async () => { await deleteSignalsIndex(supertest, log); - await deleteAllAlerts(supertest, log); + await deleteAllRules(supertest, log); }); it('should patch a single rule property of name using a rule_id', async () => { diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/patch_rules_bulk.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/patch_rules_bulk.ts index b844e9500e126..705a86b4ac895 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/patch_rules_bulk.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/patch_rules_bulk.ts @@ -13,7 +13,7 @@ import { ExceptionListTypeEnum } from '@kbn/securitysolution-io-ts-list-types'; import { FtrProviderContext } from '../../common/ftr_provider_context'; import { createSignalsIndex, - deleteAllAlerts, + deleteAllRules, deleteSignalsIndex, getSimpleRule, getSimpleRuleOutput, 
@@ -32,7 +32,7 @@ export default ({ getService }: FtrProviderContext) => { describe('patch_rules_bulk', () => { describe('deprecations', () => { afterEach(async () => { - await deleteAllAlerts(supertest, log); + await deleteAllRules(supertest, log); }); it('should return a warning header', async () => { @@ -57,7 +57,7 @@ export default ({ getService }: FtrProviderContext) => { afterEach(async () => { await deleteSignalsIndex(supertest, log); - await deleteAllAlerts(supertest, log); + await deleteAllRules(supertest, log); }); it('should patch a single rule property of name using a rule_id', async () => { diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/perform_bulk_action.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/perform_bulk_action.ts index 13f1f99fc3b23..b1a2a9703f1ac 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/perform_bulk_action.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/perform_bulk_action.ts @@ -23,7 +23,7 @@ import { createLegacyRuleAction, createRule, createSignalsIndex, - deleteAllAlerts, + deleteAllRules, deleteSignalsIndex, getLegacyActionSO, getSimpleMlRule, @@ -31,7 +31,7 @@ import { getSimpleRuleOutput, getSlackAction, getWebHookAction, - installPrePackagedRules, + installMockPrebuiltRules, removeServerGeneratedProperties, } from '../../utils'; @@ -76,7 +76,7 @@ export default ({ getService }: FtrProviderContext): void => { afterEach(async () => { await deleteSignalsIndex(supertest, log); - await deleteAllAlerts(supertest, log); + await deleteAllRules(supertest, log); }); it('should export rules', async () => { 
@@ -1318,7 +1318,7 @@ export default ({ getService }: FtrProviderContext): void => { ]; cases.forEach(({ type, value }) => { it(`should return error when trying to apply "${type}" edit action to prebuilt rule`, async () => { - await installPrePackagedRules(supertest, es, log); + await installMockPrebuiltRules(supertest, es); const prebuiltRule = await fetchPrebuiltRule(); const { body } = await postBulkAction() @@ -1784,7 +1784,7 @@ export default ({ getService }: FtrProviderContext): void => { ]; cases.forEach(({ type }) => { it(`should apply "${type}" rule action to prebuilt rule`, async () => { - await installPrePackagedRules(supertest, es, log); + await installMockPrebuiltRules(supertest, es); const prebuiltRule = await fetchPrebuiltRule(); const webHookConnector = await createWebHookConnector(); @@ -1838,7 +1838,7 @@ export default ({ getService }: FtrProviderContext): void => { // if rule action is applied together with another edit action, that can't be applied to prebuilt rule (for example: tags action) // bulk edit request should return error it(`should return error if one of edit action is not eligible for prebuilt rule`, async () => { - await installPrePackagedRules(supertest, es, log); + await installMockPrebuiltRules(supertest, es); const prebuiltRule = await fetchPrebuiltRule(); const webHookConnector = await createWebHookConnector(); diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/perform_bulk_action_dry_run.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/perform_bulk_action_dry_run.ts index 1996dc2438580..41cefab2f8485 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/perform_bulk_action_dry_run.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/perform_bulk_action_dry_run.ts 
@@ -17,11 +17,11 @@ import { FtrProviderContext } from '../../common/ftr_provider_context'; import { createRule, createSignalsIndex, - deleteAllAlerts, + deleteAllRules, deleteSignalsIndex, getSimpleMlRule, getSimpleRule, - installPrePackagedRules, + installMockPrebuiltRules, } from '../../utils'; // eslint-disable-next-line import/no-default-export @@ -49,7 +49,7 @@ export default ({ getService }: FtrProviderContext): void => { afterEach(async () => { await deleteSignalsIndex(supertest, log); - await deleteAllAlerts(supertest, log); + await deleteAllRules(supertest, log); }); it('should not support export action', async () => { @@ -188,7 +188,7 @@ export default ({ getService }: FtrProviderContext): void => { }); it('should validate immutable rule edit', async () => { - await installPrePackagedRules(supertest, es, log); + await installMockPrebuiltRules(supertest, es); const { body: findBody } = await findRules() .query({ per_page: 1, filter: 'alert.attributes.params.immutable: true' }) .send() diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/read_rules.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/read_rules.ts index 5f03ce094e95e..8bbf6584d26af 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/read_rules.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/read_rules.ts @@ -12,7 +12,7 @@ import { FtrProviderContext } from '../../common/ftr_provider_context'; import { createRule, createSignalsIndex, - deleteAllAlerts, + deleteAllRules, deleteSignalsIndex, getSimpleRule, getSimpleRuleOutput, @@ -36,7 +36,7 @@ export default ({ getService }: FtrProviderContext) => { afterEach(async () => { await deleteSignalsIndex(supertest, log); - await deleteAllAlerts(supertest, log); + await deleteAllRules(supertest, log); }); it('should be able to read a single rule using rule_id', async () => { 
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/resolve_read_rules.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/resolve_read_rules.ts index 5c2bdafbd5c32..64b87eea43b38 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/resolve_read_rules.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/resolve_read_rules.ts @@ -9,7 +9,7 @@ import expect from '@kbn/expect'; import { DETECTION_ENGINE_RULES_URL } from '@kbn/security-solution-plugin/common/constants'; import { FtrProviderContext } from '../../common/ftr_provider_context'; -import { createSignalsIndex, deleteAllAlerts, deleteSignalsIndex } from '../../utils'; +import { createSignalsIndex, deleteAllRules, deleteSignalsIndex } from '../../utils'; const spaceId = '714-space'; @@ -31,7 +31,7 @@ export default ({ getService }: FtrProviderContext) => { afterEach(async () => { await deleteSignalsIndex(supertest, log); - await deleteAllAlerts(supertest, log); + await deleteAllRules(supertest, log); await esArchiver.unload( 'x-pack/test/functional/es_archives/security_solution/resolve_read_rules/7_14' ); diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/runtime.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/runtime.ts index 4c29eafc81804..55b10bc17aca1 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/runtime.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/runtime.ts @@ -12,7 +12,7 @@ import { FtrProviderContext } from '../../common/ftr_provider_context'; import { createRule, createSignalsIndex, - deleteAllAlerts, + deleteAllRules, deleteSignalsIndex, getRuleForSignalTesting, getSignalsById, 
@@ -48,7 +48,7 @@ export default ({ getService }: FtrProviderContext) => { afterEach(async () => { await deleteSignalsIndex(supertest, log); - await deleteAllAlerts(supertest, log); + await deleteAllRules(supertest, log); }); it('should execute a rule to completion and not timeout when there are a lot of runtime fields', async () => { @@ -95,7 +95,7 @@ export default ({ getService }: FtrProviderContext) => { afterEach(async () => { await deleteSignalsIndex(supertest, log); - await deleteAllAlerts(supertest, log); + await deleteAllRules(supertest, log); await esArchiver.unload( 'x-pack/test/functional/es_archives/security_solution/runtime_conflicting_fields' ); diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/throttle.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/throttle.ts index 10089383b1028..760e64cc6f102 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/throttle.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/throttle.ts @@ -16,7 +16,7 @@ import { import { FtrProviderContext } from '../../common/ftr_provider_context'; import { createSignalsIndex, - deleteAllAlerts, + deleteAllRules, deleteSignalsIndex, getWebHookAction, getRuleWithWebHookAction, @@ -52,7 +52,7 @@ export default ({ getService }: FtrProviderContext) => { afterEach(async () => { await deleteSignalsIndex(supertest, log); - await deleteAllAlerts(supertest, log); + await deleteAllRules(supertest, log); }); describe('creating a rule', () => { diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/timestamps.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/timestamps.ts index df0d9fb17e47a..4ae77b694a1bb 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/timestamps.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/timestamps.ts 
@@ -17,7 +17,7 @@ import { ALERT_ORIGINAL_TIME } from '@kbn/security-solution-plugin/common/field_
 import { FtrProviderContext } from '../../common/ftr_provider_context';
 import {
 createSignalsIndex,
- deleteAllAlerts,
+ deleteAllRules,
 deleteSignalsIndex,
 createRule,
 waitForRuleSuccessOrStatus,
@@ -54,7 +54,7 @@ export default ({ getService }: FtrProviderContext) => {
 afterEach(async () => {
 await deleteSignalsIndex(supertest, log);
- await deleteAllAlerts(supertest, log);
+ await deleteAllRules(supertest, log);
 await esArchiver.unload(
 'x-pack/test/functional/es_archives/security_solution/timestamp_in_seconds'
 );
@@ -148,7 +148,7 @@ export default ({ getService }: FtrProviderContext) => {
 afterEach(async () => {
 await deleteSignalsIndex(supertest, log);
- await deleteAllAlerts(supertest, log);
+ await deleteAllRules(supertest, log);
 await esArchiver.unload(
 'x-pack/test/functional/es_archives/security_solution/timestamp_override_1'
 );
@@ -367,7 +367,7 @@ export default ({ getService }: FtrProviderContext) => {
 afterEach(async () => {
 await deleteSignalsIndex(supertest, log);
- await deleteAllAlerts(supertest, log);
+ await deleteAllRules(supertest, log);
 });
 describe('KQL', () => {
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/update_rules.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/update_rules.ts
index a33aacd26bb8a..7e23ee54c8e93 100644
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/update_rules.ts
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/update_rules.ts
@@ -12,7 +12,7 @@ import { ExceptionListTypeEnum } from '@kbn/securitysolution-io-ts-list-types';
 import { FtrProviderContext } from '../../common/ftr_provider_context';
 import {
 createSignalsIndex,
- deleteAllAlerts,
+ deleteAllRules,
 deleteSignalsIndex,
 getSimpleRuleOutput,
 removeServerGeneratedProperties,
@@ -42,7 +42,7 @@ export default ({ getService }: FtrProviderContext) => {
 afterEach(async () => {
 await deleteSignalsIndex(supertest, log);
- await deleteAllAlerts(supertest, log);
+ await deleteAllRules(supertest, log);
 });
 it('should update a single rule property of name using a rule_id', async () => {
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/update_rules_bulk.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/update_rules_bulk.ts
index 04f3eb2536a41..f143f0eedc15b 100644
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/update_rules_bulk.ts
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group10/update_rules_bulk.ts
@@ -16,7 +16,7 @@ import { ExceptionListTypeEnum } from '@kbn/securitysolution-io-ts-list-types';
 import { FtrProviderContext } from '../../common/ftr_provider_context';
 import {
 createSignalsIndex,
- deleteAllAlerts,
+ deleteAllRules,
 deleteSignalsIndex,
 getSimpleRuleOutput,
 removeServerGeneratedProperties,
@@ -34,7 +34,7 @@ export default ({ getService }: FtrProviderContext) => {
 describe('update_rules_bulk', () => {
 describe('deprecations', () => {
 afterEach(async () => {
- await deleteAllAlerts(supertest, log);
+ await deleteAllRules(supertest, log);
 });
 it('should return a warning header', async () => {
@@ -60,7 +60,7 @@ export default ({ getService }: FtrProviderContext) => {
 afterEach(async () => {
 await deleteSignalsIndex(supertest, log);
- await deleteAllAlerts(supertest, log);
+ await deleteAllRules(supertest, log);
 });
 it('should update a single rule property of name using a rule_id', async () => {
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group2/create_endpoint_exceptions.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group2/create_endpoint_exceptions.ts
index 231d4138b1d19..ba055eb2e167b 100644
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group2/create_endpoint_exceptions.ts
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group2/create_endpoint_exceptions.ts
@@ -19,7 +19,7 @@ import {
 createRule,
 createRuleWithExceptionEntries,
 createSignalsIndex,
- deleteAllAlerts,
+ deleteAllRules,
 deleteSignalsIndex,
 getRuleForSignalTesting,
 getSignalsById,
@@ -95,7 +95,7 @@ export default ({ getService }: FtrProviderContext) => {
 afterEach(async () => {
 await deleteSignalsIndex(supertest, log);
- await deleteAllAlerts(supertest, log);
+ await deleteAllRules(supertest, log);
 await deleteAllExceptions(supertest, log);
 await deleteListsIndex(supertest, log);
 });
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group3/create_exceptions.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group3/create_exceptions.ts
index af653c9740afd..c247db1511d13 100644
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group3/create_exceptions.ts
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group3/create_exceptions.ts
@@ -25,7 +25,7 @@ import { ROLES } from '@kbn/security-solution-plugin/common/test';
 import { FtrProviderContext } from '../../common/ftr_provider_context';
 import {
 createSignalsIndex,
- deleteAllAlerts,
+ deleteAllRules,
 deleteSignalsIndex,
 getSimpleRule,
 getSimpleRuleOutput,
@@ -33,14 +33,14 @@ import {
 downgradeImmutableRule,
 createRule,
 waitForRuleSuccessOrStatus,
- installPrePackagedRules,
+ installMockPrebuiltRules,
 getRule,
 createExceptionList,
 createExceptionListItem,
 waitForSignalsToBePresent,
 getSignalsByIds,
 findImmutableRuleById,
- getPrePackagedRulesStatus,
+ getPrebuiltRulesAndTimelinesStatus,
 getOpenSignals,
 createRuleWithExceptionEntries,
 getEqlRuleForSignalTesting,
@@ -56,7 +56,7 @@ import { createUserAndRole, deleteUserAndRole } from '../../../common/services/s
 import {
 ELASTIC_SECURITY_RULE_ID,
 SAMPLE_PREBUILT_RULES,
-} from '../../utils/create_prebuilt_rule_saved_objects';
+} from '../../utils/prebuilt_rules/create_prebuilt_rule_saved_objects';
 // eslint-disable-next-line import/no-default-export
 export default ({ getService }: FtrProviderContext) => {
@@ -82,7 +82,7 @@ export default ({ getService }: FtrProviderContext) => {
 afterEach(async () => {
 await deleteSignalsIndex(supertest, log);
- await deleteAllAlerts(supertest, log);
+ await deleteAllRules(supertest, log);
 await deleteAllExceptions(supertest, log);
 });
@@ -166,7 +166,7 @@ export default ({ getService }: FtrProviderContext) => {
 });
 it('should allow removing an exception list from an immutable rule through patch', async () => {
- await installPrePackagedRules(supertest, es, log);
+ await installMockPrebuiltRules(supertest, es);
 // This rule has an existing exceptions_list that we are going to use
 const immutableRule = await getRule(supertest, log, ELASTIC_SECURITY_RULE_ID);
@@ -184,7 +184,7 @@ export default ({ getService }: FtrProviderContext) => {
 });
 it('should allow adding a second exception list to an immutable rule through patch', async () => {
- await installPrePackagedRules(supertest, es, log);
+ await installMockPrebuiltRules(supertest, es);
 const { id, list_id, namespace_type, type } = await createExceptionList(
 supertest,
@@ -220,7 +220,7 @@ export default ({ getService }: FtrProviderContext) => {
 });
 it('should override any updates to pre-packaged rules if the user removes the exception list through the API but the new version of a rule has an exception list again', async () => {
- await installPrePackagedRules(supertest, es, log);
+ await installMockPrebuiltRules(supertest, es);
 // This rule has an existing exceptions_list that we are going to use
 const immutableRule = await getRule(supertest, log, ELASTIC_SECURITY_RULE_ID);
@@ -233,7 +233,7 @@ export default ({ getService }: FtrProviderContext) => {
 .expect(200);
 await downgradeImmutableRule(es, log, ELASTIC_SECURITY_RULE_ID);
- await installPrePackagedRules(supertest, es, log);
+ await installMockPrebuiltRules(supertest, es);
 const immutableRuleSecondTime = await getRule(supertest, log, ELASTIC_SECURITY_RULE_ID);
 // We should have a length of 1 and it should be the same as our original before we tried to remove it using patch
@@ -242,7 +242,7 @@ export default ({ getService }: FtrProviderContext) => {
 });
 it('should merge back an exceptions_list if it was removed from the immutable rule through PATCH', async () => {
- await installPrePackagedRules(supertest, es, log);
+ await installMockPrebuiltRules(supertest, es);
 const { id, list_id, namespace_type, type } = await createExceptionList(
 supertest,
@@ -272,7 +272,7 @@ export default ({ getService }: FtrProviderContext) => {
 .expect(200);
 await downgradeImmutableRule(es, log, ELASTIC_SECURITY_RULE_ID);
- await installPrePackagedRules(supertest, es, log);
+ await installMockPrebuiltRules(supertest, es);
 const immutableRuleSecondTime = await getRule(supertest, log, ELASTIC_SECURITY_RULE_ID);
 expect(immutableRuleSecondTime.exceptions_list).to.eql([
@@ -287,14 +287,14 @@ export default ({ getService }: FtrProviderContext) => {
 });
 it('should NOT add an extra exceptions_list that already exists on a rule during an upgrade', async () => {
- await installPrePackagedRules(supertest, es, log);
+ await installMockPrebuiltRules(supertest, es);
 // This rule has an existing exceptions_list that we are going to ensure does not stomp on our existing rule
 const immutableRule = await getRule(supertest, log, ELASTIC_SECURITY_RULE_ID);
 expect(immutableRule.exceptions_list.length).greaterThan(0); // make sure we have at least one
 await downgradeImmutableRule(es, log, ELASTIC_SECURITY_RULE_ID);
- await installPrePackagedRules(supertest, es, log);
+ await installMockPrebuiltRules(supertest, es);
 const immutableRuleSecondTime = await getRule(supertest, log, ELASTIC_SECURITY_RULE_ID);
@@ -306,7 +306,7 @@ export default ({ getService }: FtrProviderContext) => {
 });
 it('should NOT allow updates to pre-packaged rules to overwrite existing exception based rules when the user adds an additional exception list', async () => {
- await installPrePackagedRules(supertest, es, log);
+ await installMockPrebuiltRules(supertest, es);
 const { id, list_id, namespace_type, type } = await createExceptionList(
 supertest,
@@ -336,7 +336,7 @@ export default ({ getService }: FtrProviderContext) => {
 .expect(200);
 await downgradeImmutableRule(es, log, ELASTIC_SECURITY_RULE_ID);
- await installPrePackagedRules(supertest, es, log);
+ await installMockPrebuiltRules(supertest, es);
 const immutableRuleSecondTime = await getRule(supertest, log, ELASTIC_SECURITY_RULE_ID);
 // It should be the same as what the user added originally
@@ -352,7 +352,7 @@ export default ({ getService }: FtrProviderContext) => {
 });
 it('should not remove any exceptions added to a pre-packaged/immutable rule during an update if that rule has no existing exception lists', async () => {
- await installPrePackagedRules(supertest, es, log);
+ await installMockPrebuiltRules(supertest, es);
 // Create a new exception list
 const { id, list_id, namespace_type, type } = await createExceptionList(
@@ -391,7 +391,7 @@ export default ({ getService }: FtrProviderContext) => {
 .expect(200);
 await downgradeImmutableRule(es, log, ruleId);
- await installPrePackagedRules(supertest, es, log);
+ await installMockPrebuiltRules(supertest, es);
 const immutableRuleSecondTime = await getRule(supertest, log, ruleId);
 expect(immutableRuleSecondTime.exceptions_list).to.eql([
@@ -405,7 +405,7 @@ export default ({ getService }: FtrProviderContext) => {
 });
 it('should not change the immutable tags when adding a second exception list to an immutable rule through patch', async () => {
- await installPrePackagedRules(supertest, es, log);
+ await installMockPrebuiltRules(supertest, es);
 const { id, list_id, namespace_type, type } = await createExceptionList(
 supertest,
@@ -445,7 +445,7 @@ export default ({ getService }: FtrProviderContext) => {
 });
 it('should not change count of prepacked rules when adding a second exception list to an immutable rule through patch. If this fails, suspect the immutable tags are not staying on the rule correctly.', async () => {
- await installPrePackagedRules(supertest, es, log);
+ await installMockPrebuiltRules(supertest, es);
 const { id, list_id, namespace_type, type } = await createExceptionList(
 supertest,
@@ -475,7 +475,7 @@ export default ({ getService }: FtrProviderContext) => {
 })
 .expect(200);
- const status = await getPrePackagedRulesStatus(supertest, log);
+ const status = await getPrebuiltRulesAndTimelinesStatus(supertest);
 expect(status.rules_not_installed).to.eql(0);
 });
 });
@@ -525,7 +525,7 @@ export default ({ getService }: FtrProviderContext) => {
 afterEach(async () => {
 await deleteSignalsIndex(supertest, log);
- await deleteAllAlerts(supertest, log);
+ await deleteAllRules(supertest, log);
 await deleteAllExceptions(supertest, log);
 });
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group4/telemetry/task_based/all_types.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group4/telemetry/task_based/all_types.ts
index 354ba79a46a56..d7fe3637f01e9 100644
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group4/telemetry/task_based/all_types.ts
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group4/telemetry/task_based/all_types.ts
@@ -9,7 +9,7 @@ import expect from '@kbn/expect';
 import { FtrProviderContext } from '../../../../common/ftr_provider_context';
 import {
 createSignalsIndex,
- deleteAllAlerts,
+ deleteAllRules,
 deleteSignalsIndex,
 getSecurityTelemetryStats,
 removeTimeFieldsFromTelemetryStats,
@@ -38,7 +38,7 @@ export default ({ getService }: FtrProviderContext) => {
 afterEach(async () => {
 await deleteSignalsIndex(supertest, log);
- await deleteAllAlerts(supertest, log);
+ await deleteAllRules(supertest, log);
 await deleteAllExceptions(supertest, log);
 });
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group4/telemetry/task_based/detection_rules.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group4/telemetry/task_based/detection_rules.ts
index 50e79a447e48a..41e4cabe6b79f 100644
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group4/telemetry/task_based/detection_rules.ts
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group4/telemetry/task_based/detection_rules.ts
@@ -13,18 +13,18 @@ import { FtrProviderContext } from '../../../../common/ftr_provider_context';
 import {
 createRule,
 createSignalsIndex,
- deleteAllAlerts,
+ deleteAllRules,
 deleteSignalsIndex,
 getRule,
 getRuleForSignalTesting,
- installPrePackagedRules,
+ installMockPrebuiltRules,
 getSecurityTelemetryStats,
 createExceptionList,
 createExceptionListItem,
 removeTimeFieldsFromTelemetryStats,
 } from '../../../../utils';
 import { deleteAllExceptions } from '../../../../../lists_api_integration/utils';
-import { ELASTIC_SECURITY_RULE_ID } from '../../../../utils/create_prebuilt_rule_saved_objects';
+import { ELASTIC_SECURITY_RULE_ID } from '../../../../utils/prebuilt_rules/create_prebuilt_rule_saved_objects';
 // eslint-disable-next-line import/no-default-export
 export default ({ getService }: FtrProviderContext) => {
@@ -49,7 +49,7 @@ export default ({ getService }: FtrProviderContext) => {
 afterEach(async () => {
 await deleteSignalsIndex(supertest, log);
- await deleteAllAlerts(supertest, log);
+ await deleteAllRules(supertest, log);
 await deleteAllExceptions(supertest, log);
 });
@@ -338,7 +338,7 @@ export default ({ getService }: FtrProviderContext) => {
 describe('pre-built/immutable/elastic rules should show detection_rules telemetry data for each list type', () => {
 beforeEach(async () => {
 // install prepackaged rules to get immutable rules for testing
- await installPrePackagedRules(supertest, es, log);
+ await installMockPrebuiltRules(supertest, es);
 });
 it('should return mutating types such as "id", "@timestamp", etc... for list of type "detection"', async () => {
@@ -783,7 +783,7 @@ export default ({ getService }: FtrProviderContext) => {
 describe('pre-built/immutable/elastic rules should show detection_rules telemetry data for multiple list items and types', () => {
 beforeEach(async () => {
 // install prepackaged rules to get immutable rules for testing
- await installPrePackagedRules(supertest, es, log);
+ await installMockPrebuiltRules(supertest, es);
 });
 it('should give telemetry/stats for 2 exception lists to the type of "detection"', async () => {
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group4/telemetry/task_based/security_lists.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group4/telemetry/task_based/security_lists.ts
index 4db09b123d3db..e032e4455f494 100644
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group4/telemetry/task_based/security_lists.ts
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group4/telemetry/task_based/security_lists.ts
@@ -14,7 +14,7 @@ import {
 import { FtrProviderContext } from '../../../../common/ftr_provider_context';
 import {
 createSignalsIndex,
- deleteAllAlerts,
+ deleteAllRules,
 deleteSignalsIndex,
 getSecurityTelemetryStats,
 createExceptionListItem,
@@ -47,7 +47,7 @@ export default ({ getService }: FtrProviderContext) => {
 afterEach(async () => {
 await deleteSignalsIndex(supertest, log);
- await deleteAllAlerts(supertest, log);
+ await deleteAllRules(supertest, log);
 await deleteAllExceptions(supertest, log);
 });
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group4/telemetry/usage_collector/all_types.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group4/telemetry/usage_collector/all_types.ts
index 2e2a9811356cb..1f825b46d40a5 100644
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group4/telemetry/usage_collector/all_types.ts
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group4/telemetry/usage_collector/all_types.ts
@@ -10,7 +10,7 @@ import { getInitialDetectionMetrics } from '@kbn/security-solution-plugin/server
 import type { FtrProviderContext } from '../../../../common/ftr_provider_context';
 import {
 createSignalsIndex,
- deleteAllAlerts,
+ deleteAllRules,
 deleteSignalsIndex,
 getStats,
 } from '../../../../utils';
@@ -37,7 +37,7 @@ export default ({ getService }: FtrProviderContext) => {
 afterEach(async () => {
 await deleteSignalsIndex(supertest, log);
- await deleteAllAlerts(supertest, log);
+ await deleteAllRules(supertest, log);
 });
 it('should have initialized empty/zero values when no rules are running', async () => {
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group4/telemetry/usage_collector/detection_rule_status.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group4/telemetry/usage_collector/detection_rule_status.ts
index 0581c97802f03..c21c89807dc0f 100644
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group4/telemetry/usage_collector/detection_rule_status.ts
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group4/telemetry/usage_collector/detection_rule_status.ts
@@ -23,7 +23,7 @@ import {
 import {
 createRule,
 createSignalsIndex,
- deleteAllAlerts,
+ deleteAllRules,
 deleteSignalsIndex,
 getEqlRuleForSignalTesting,
 getRuleForSignalTesting,
@@ -63,7 +63,7 @@ export default ({ getService }: FtrProviderContext) => {
 afterEach(async () => {
 await deleteSignalsIndex(supertest, log);
- await deleteAllAlerts(supertest, log);
+ await deleteAllRules(supertest, log);
 await deleteAllEventLogExecutionEvents(es, log);
 });
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group4/telemetry/usage_collector/detection_rules.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group4/telemetry/usage_collector/detection_rules.ts
index f1de2682deba6..7a1d970de1879 100644
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group4/telemetry/usage_collector/detection_rules.ts
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group4/telemetry/usage_collector/detection_rules.ts
@@ -19,7 +19,7 @@ import {
 createNewAction,
 createRule,
 createSignalsIndex,
- deleteAllAlerts,
+ deleteAllRules,
 deleteSignalsIndex,
 getEqlRuleForSignalTesting,
 getRule,
@@ -30,13 +30,13 @@ import {
 getSimpleThreatMatch,
 getStats,
 getThresholdRuleForSignalTesting,
- installPrePackagedRules,
+ installMockPrebuiltRules,
 waitForRuleSuccessOrStatus,
 waitForSignalsToBePresent,
 updateRule,
 deleteAllEventLogExecutionEvents,
 } from '../../../../utils';
-import { ELASTIC_SECURITY_RULE_ID } from '../../../../utils/create_prebuilt_rule_saved_objects';
+import { ELASTIC_SECURITY_RULE_ID } from '../../../../utils/prebuilt_rules/create_prebuilt_rule_saved_objects';
 // eslint-disable-next-line import/no-default-export
 export default ({ getService }: FtrProviderContext) => {
@@ -63,7 +63,7 @@ export default ({ getService }: FtrProviderContext) => {
 afterEach(async () => {
 await deleteSignalsIndex(supertest, log);
- await deleteAllAlerts(supertest, log);
+ await deleteAllRules(supertest, log);
 await deleteAllEventLogExecutionEvents(es, log);
 });
@@ -1267,7 +1267,7 @@ export default ({ getService }: FtrProviderContext) => {
 describe('"pre-packaged"/"immutable" rules', async () => {
 it('should show stats for totals for in-active pre-packaged rules', async () => {
- await installPrePackagedRules(supertest, es, log);
+ await installMockPrebuiltRules(supertest, es);
 await retry.try(async () => {
 const stats = await getStats(supertest, log);
 expect(stats.detection_rules.detection_rule_usage.elastic_total.enabled).above(0);
@@ -1299,7 +1299,7 @@ export default ({ getService }: FtrProviderContext) => {
 });
 it('should show stats for the detection_rule_details for a specific pre-packaged rule', async () => {
- await installPrePackagedRules(supertest, es, log);
+ await installMockPrebuiltRules(supertest, es);
 await retry.try(async () => {
 const stats = await getStats(supertest, log);
 const foundRule = stats.detection_rules.detection_rule_detail.find(
@@ -1329,7 +1329,7 @@ export default ({ getService }: FtrProviderContext) => {
 });
 it('should show "notifications_disabled" to be "1", "has_notification" to be "true, "has_legacy_notification" to be "false" for rule that has at least "1" action(s) and the alert is "disabled"/"in-active"', async () => {
- await installPrePackagedRules(supertest, es, log);
+ await installMockPrebuiltRules(supertest, es);
 const immutableRule = await getRule(supertest, log, ELASTIC_SECURITY_RULE_ID);
 const hookAction = await createNewAction(supertest, log);
 const newRuleToUpdate = getSimpleRule(immutableRule.rule_id);
@@ -1381,7 +1381,7 @@ export default ({ getService }: FtrProviderContext) => {
 });
 it('should show "notifications_enabled" to be "1", "has_notification" to be "true, "has_legacy_notification" to be "false" for rule that has at least "1" action(s) and the alert is "enabled"/"active"', async () => {
- await installPrePackagedRules(supertest, es, log);
+ await installMockPrebuiltRules(supertest, es);
 const immutableRule = await getRule(supertest, log, ELASTIC_SECURITY_RULE_ID);
 const hookAction = await createNewAction(supertest, log);
 const newRuleToUpdate = getSimpleRule(immutableRule.rule_id);
@@ -1433,7 +1433,7 @@ export default ({ getService }: FtrProviderContext) => {
 });
 it('should show "legacy_notifications_disabled" to be "1", "has_notification" to be "false, "has_legacy_notification" to be "true" for rule that has at least "1" action(s) and the alert is "disabled"/"in-active"', async () => {
- await installPrePackagedRules(supertest, es, log);
+ await installMockPrebuiltRules(supertest, es);
 const immutableRule = await getRule(supertest, log, ELASTIC_SECURITY_RULE_ID);
 const hookAction = await createNewAction(supertest, log);
 const newRuleToUpdate = getSimpleRule(immutableRule.rule_id, false);
@@ -1485,7 +1485,7 @@ export default ({ getService }: FtrProviderContext) => {
 });
 it('should show "legacy_notifications_enabled" to be "1", "has_notification" to be "false, "has_legacy_notification" to be "true" for rule that has at least "1" action(s) and the alert is "enabled"/"active"', async () => {
- await installPrePackagedRules(supertest, es, log);
+ await installMockPrebuiltRules(supertest, es);
 const immutableRule = await getRule(supertest, log, ELASTIC_SECURITY_RULE_ID);
 const hookAction = await createNewAction(supertest, log);
 const newRuleToUpdate = getSimpleRule(immutableRule.rule_id, true);
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group5/keyword_family/const_keyword.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group5/keyword_family/const_keyword.ts
index f0290b8258dd8..104778907bf21 100644
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group5/keyword_family/const_keyword.ts
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group5/keyword_family/const_keyword.ts
@@ -16,7 +16,7 @@ import { FtrProviderContext } from '../../../common/ftr_provider_context';
 import {
 createRule,
 createSignalsIndex,
- deleteAllAlerts,
+ deleteAllRules,
 deleteSignalsIndex,
 getEqlRuleForSignalTesting,
 getRuleForSignalTesting,
@@ -49,7 +49,7 @@ export default ({ getService }: FtrProviderContext) => {
 afterEach(async () => {
 await deleteSignalsIndex(supertest, log);
- await deleteAllAlerts(supertest, log);
+ await deleteAllRules(supertest, log);
 });
 describe('"kql" rule type', () => {
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group5/keyword_family/keyword.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group5/keyword_family/keyword.ts
index ef8126015c758..da9584f3afe9c 100644
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group5/keyword_family/keyword.ts
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group5/keyword_family/keyword.ts
@@ -17,7 +17,7 @@ import { FtrProviderContext } from '../../../common/ftr_provider_context';
 import {
 createRule,
 createSignalsIndex,
- deleteAllAlerts,
+ deleteAllRules,
 deleteSignalsIndex,
 getEqlRuleForSignalTesting,
 getRuleForSignalTesting,
@@ -48,7 +48,7 @@ export default ({ getService }: FtrProviderContext) => {
 afterEach(async () => {
 await deleteSignalsIndex(supertest, log);
- await deleteAllAlerts(supertest, log);
+ await deleteAllRules(supertest, log);
 });
 describe('"kql" rule type', () => {
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group5/keyword_family/keyword_mixed_with_const.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group5/keyword_family/keyword_mixed_with_const.ts
index 5949770ef23f9..476f287f8c35d 100644
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group5/keyword_family/keyword_mixed_with_const.ts
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group5/keyword_family/keyword_mixed_with_const.ts
@@ -16,7 +16,7 @@ import { FtrProviderContext } from '../../../common/ftr_provider_context';
 import {
 createRule,
 createSignalsIndex,
- deleteAllAlerts,
+ deleteAllRules,
 deleteSignalsIndex,
 getEqlRuleForSignalTesting,
 getRuleForSignalTesting,
@@ -50,7 +50,7 @@ export default ({ getService }: FtrProviderContext) => {
 afterEach(async () => {
 await deleteSignalsIndex(supertest, log);
- await deleteAllAlerts(supertest, log);
+ await deleteAllRules(supertest, log);
 });
 describe('"kql" rule type', () => {
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group6/alerts/alerts_compatibility.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group6/alerts/alerts_compatibility.ts
index c7d33dda982a0..81fc299805e9a 100644
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group6/alerts/alerts_compatibility.ts
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group6/alerts/alerts_compatibility.ts
@@ -23,7 +23,7 @@ import {
 import {
 createRule,
 createSignalsIndex,
- deleteAllAlerts,
+ deleteAllRules,
 deleteSignalsIndex,
 finalizeSignalsMigration,
 getEqlRuleForSignalTesting,
@@ -70,7 +70,7 @@ export default ({ getService }: FtrProviderContext) => {
 'x-pack/test/functional/es_archives/security_solution/legacy_cti_signals'
 );
 await deleteSignalsIndex(supertest, log);
- await deleteAllAlerts(supertest, log);
+ await deleteAllRules(supertest, log);
 });
 it('allows querying of legacy enriched signals by threat.indicator', async () => {
@@ -219,7 +219,7 @@ export default ({ getService }: FtrProviderContext) => {
 'x-pack/test/functional/es_archives/security_solution/alerts/7.16.0'
 );
 await deleteSignalsIndex(supertest, log);
- await deleteAllAlerts(supertest, log);
+ await deleteAllRules(supertest, log);
 });
 it('should generate a signal-on-legacy-signal with legacy index pattern', async () => {
@@ -552,7 +552,7 @@ export default ({ getService }: FtrProviderContext) => {
 'x-pack/test/functional/es_archives/security_solution/alerts/7.16.0'
 );
 await deleteSignalsIndex(supertest, log);
- await deleteAllAlerts(supertest, log);
+ await deleteAllRules(supertest, log);
 });
 it('should generate a signal-on-legacy-signal with legacy index pattern', async () => {
@@ -593,7 +593,7 @@ export default ({ getService }: FtrProviderContext) => {
 'x-pack/test/functional/es_archives/security_solution/alerts/7.16.0'
 );
 await deleteSignalsIndex(supertest, log);
- await deleteAllAlerts(supertest, log);
+ await deleteAllRules(supertest, log);
 });
 it('should generate a signal-on-legacy-signal with legacy index pattern', async () => {
@@ -632,7 +632,7 @@ export default ({ getService }: FtrProviderContext) => {
 'x-pack/test/functional/es_archives/security_solution/alerts/7.16.0'
 );
 await deleteSignalsIndex(supertest, log);
- await deleteAllAlerts(supertest, log);
+ await deleteAllRules(supertest, log);
 });
 it('should generate a signal-on-legacy-signal with legacy index pattern', async () => {
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group7/exception_operators_data_types/date.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group7/exception_operators_data_types/date.ts
index 5ab47a91ef684..6c1a44df3b8b0 100644
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group7/exception_operators_data_types/date.ts
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group7/exception_operators_data_types/date.ts
@@ -18,7 +18,7 @@ import {
 createRule,
 createRuleWithExceptionEntries,
 createSignalsIndex,
- deleteAllAlerts,
+ deleteAllRules,
 deleteSignalsIndex,
 getRuleForSignalTesting,
 getSignalsById,
@@ -48,7 +48,7 @@ export default ({ getService }: FtrProviderContext) => {
 afterEach(async () => {
 await deleteSignalsIndex(supertest, log);
- await deleteAllAlerts(supertest, log);
+ await deleteAllRules(supertest, log);
 await deleteAllExceptions(supertest, log);
 await deleteListsIndex(supertest, log);
 });
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group7/exception_operators_data_types/double.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group7/exception_operators_data_types/double.ts
index 63b26c91073cd..c08a7d0e9a881 100644
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group7/exception_operators_data_types/double.ts
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group7/exception_operators_data_types/double.ts
@@ -18,7 +18,7 @@ import {
 createRule,
 createRuleWithExceptionEntries,
 createSignalsIndex,
- deleteAllAlerts,
+ deleteAllRules,
 deleteSignalsIndex,
 getRuleForSignalTesting,
 getSignalsById,
@@ -52,7 +52,7 @@ export default ({ getService }: FtrProviderContext) => {
 afterEach(async () => {
 await deleteSignalsIndex(supertest, log);
- await deleteAllAlerts(supertest, log);
+ await deleteAllRules(supertest, log);
 await deleteAllExceptions(supertest, log);
 await deleteListsIndex(supertest, log);
 });
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group7/exception_operators_data_types/float.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group7/exception_operators_data_types/float.ts
index 840837186a426..10236b51a805f 100644
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group7/exception_operators_data_types/float.ts
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group7/exception_operators_data_types/float.ts
@@ -18,7 +18,7 @@ import {
 createRule,
 createRuleWithExceptionEntries,
 createSignalsIndex,
- deleteAllAlerts,
+ deleteAllRules,
 deleteSignalsIndex,
 getRuleForSignalTesting,
 getSignalsById,
@@ -50,7 +50,7 @@ export default ({ getService }: FtrProviderContext) => {
 afterEach(async () => {
 await deleteSignalsIndex(supertest, log);
- await deleteAllAlerts(supertest, log);
+ await deleteAllRules(supertest, log);
 await deleteAllExceptions(supertest, log);
 await deleteListsIndex(supertest, log);
 });
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group7/exception_operators_data_types/integer.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group7/exception_operators_data_types/integer.ts
index f7a2951790c56..9468f91530e31 100644
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group7/exception_operators_data_types/integer.ts
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group7/exception_operators_data_types/integer.ts
@@ -18,7 +18,7 @@ import {
 createRule,
 createRuleWithExceptionEntries,
 createSignalsIndex,
- deleteAllAlerts,
+ deleteAllRules,
 deleteSignalsIndex,
 getRuleForSignalTesting,
 getSignalsById,
@@ -52,7 +52,7 @@ export default ({ getService }: FtrProviderContext) => {
 afterEach(async () => {
 await deleteSignalsIndex(supertest, log);
- await deleteAllAlerts(supertest, log);
+ await deleteAllRules(supertest, log);
 await deleteAllExceptions(supertest, log);
 await deleteListsIndex(supertest, log);
 });
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group8/exception_operators_data_types/keyword.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group8/exception_operators_data_types/keyword.ts
index e73a942ab69d5..3f6958bb4daea 100644
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group8/exception_operators_data_types/keyword.ts
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group8/exception_operators_data_types/keyword.ts
@@ -18,7 +18,7 @@ import {
 createRule,
 createRuleWithExceptionEntries,
 createSignalsIndex,
- deleteAllAlerts,
+ deleteAllRules,
 deleteSignalsIndex,
 getRuleForSignalTesting,
 getSignalsById,
@@ -48,7 +48,7 @@ export default ({ getService }: FtrProviderContext) => {
 afterEach(async () => {
 await deleteSignalsIndex(supertest, log);
- await deleteAllAlerts(supertest, log);
+ await deleteAllRules(supertest, log);
 await deleteAllExceptions(supertest, log);
 await deleteListsIndex(supertest, log);
 });
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group8/exception_operators_data_types/keyword_array.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group8/exception_operators_data_types/keyword_array.ts
index 3aff8c152a9a6..8cd676492c38a 100644
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group8/exception_operators_data_types/keyword_array.ts
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group8/exception_operators_data_types/keyword_array.ts
@@ -18,7 +18,7 @@ import {
 createRule,
 createRuleWithExceptionEntries,
 createSignalsIndex,
- deleteAllAlerts,
+ deleteAllRules,
 deleteSignalsIndex,
 getRuleForSignalTesting,
 getSignalsById,
@@ -50,7 +50,7 @@ export default ({ getService }: FtrProviderContext) => {
 afterEach(async () => {
 await deleteSignalsIndex(supertest, log);
- await deleteAllAlerts(supertest, log);
+ await deleteAllRules(supertest, log);
 await deleteAllExceptions(supertest, log);
 await deleteListsIndex(supertest, log);
 });
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group8/exception_operators_data_types/long.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group8/exception_operators_data_types/long.ts
index 36a2ff1e19cbf..3d95f8a22f35e 100644
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group8/exception_operators_data_types/long.ts
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group8/exception_operators_data_types/long.ts
@@ -18,7 +18,7 @@ import {
 createRule,
 createRuleWithExceptionEntries,
 createSignalsIndex,
- deleteAllAlerts,
+ deleteAllRules,
 deleteSignalsIndex,
 getRuleForSignalTesting,
 getSignalsById,
@@ -50,7 +50,7 @@ export default ({ getService }: FtrProviderContext) => {
 afterEach(async () => {
 await deleteSignalsIndex(supertest, log);
- await deleteAllAlerts(supertest, log);
+ await deleteAllRules(supertest, log);
 await deleteAllExceptions(supertest, log);
 await deleteListsIndex(supertest, log);
 });
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group8/exception_operators_data_types/text.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group8/exception_operators_data_types/text.ts
index 6a0eebb4161f5..0fdc7d145e983 100644
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group8/exception_operators_data_types/text.ts
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group8/exception_operators_data_types/text.ts
@@ -19,7 +19,7 @@ import {
 createRule,
 createRuleWithExceptionEntries,
 createSignalsIndex,
- deleteAllAlerts,
+ deleteAllRules,
 deleteSignalsIndex,
 getRuleForSignalTesting,
 getSignalsById,
@@ -51,7 +51,7 @@ export default ({ getService }: FtrProviderContext) => {
 afterEach(async () => {
 await deleteSignalsIndex(supertest, log);
- await deleteAllAlerts(supertest, log);
+ await deleteAllRules(supertest, log);
 await deleteAllExceptions(supertest, log);
 await deleteListsIndex(supertest, log);
 });
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group9/exception_operators_data_types/ip.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group9/exception_operators_data_types/ip.ts
index 8e79b933be126..b3770a43f42a2 100644
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group9/exception_operators_data_types/ip.ts
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group9/exception_operators_data_types/ip.ts
@@ -18,7 +18,7 @@ import {
 createRule,
 createRuleWithExceptionEntries,
 createSignalsIndex,
- deleteAllAlerts,
+ deleteAllRules,
 deleteSignalsIndex,
 getRuleForSignalTesting,
 getSignalsById,
@@ -48,7 +48,7 @@ export default ({ getService }: FtrProviderContext) => {
 afterEach(async () => {
 await deleteSignalsIndex(supertest, log);
- await deleteAllAlerts(supertest, log);
+ await deleteAllRules(supertest, log);
 await deleteAllExceptions(supertest, log);
 await deleteListsIndex(supertest, log);
 });
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group9/exception_operators_data_types/ip_array.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group9/exception_operators_data_types/ip_array.ts
index a057fe0cb8001..1e7f9f598a52f 100644
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group9/exception_operators_data_types/ip_array.ts
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group9/exception_operators_data_types/ip_array.ts
@@ -18,7 +18,7 @@ import {
 createRule,
 createRuleWithExceptionEntries,
 createSignalsIndex,
- deleteAllAlerts,
+ deleteAllRules,
 deleteSignalsIndex,
 getRuleForSignalTesting,
 getSignalsById,
@@ -48,7 +48,7 @@ export default ({ getService }: FtrProviderContext) => {
 afterEach(async () => {
 await deleteSignalsIndex(supertest, log);
- await deleteAllAlerts(supertest, log);
+ await deleteAllRules(supertest, log);
 await deleteAllExceptions(supertest, log);
 await deleteListsIndex(supertest, log);
 });
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/group9/exception_operators_data_types/text_array.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/group9/exception_operators_data_types/text_array.ts
index f079cc1e0fac1..e10a0d8b87767 100644
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/group9/exception_operators_data_types/text_array.ts
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/group9/exception_operators_data_types/text_array.ts
@@ -18,7 +18,7 @@ import {
 createRule,
 createRuleWithExceptionEntries,
 createSignalsIndex,
- deleteAllAlerts,
+ deleteAllRules,
 deleteSignalsIndex,
 getRuleForSignalTesting,
 getSignalsById,
@@ -48,7 +48,7 @@ export default ({ getService }: FtrProviderContext) => {
 afterEach(async () => {
 await deleteSignalsIndex(supertest, log);
- await deleteAllAlerts(supertest, log);
+ await deleteAllRules(supertest, log);
 await deleteAllExceptions(supertest, log);
 await deleteListsIndex(supertest, log);
 });
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/rule_execution_logic/eql.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/rule_execution_logic/eql.ts
index cffc0a311ef3f..64d71539eb065 100644
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/rule_execution_logic/eql.ts
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/rule_execution_logic/eql.ts
@@ -28,7 +28,7 @@ import {
 } from '@kbn/security-solution-plugin/common/field_maps/field_names';
 import {
 createRule,
- deleteAllAlerts,
+ deleteAllRules,
 deleteSignalsIndex,
 getEqlRuleForSignalTesting,
 getOpenSignals,
@@ -58,7 +58,7 @@ export default ({ getService }: FtrProviderContext) => {
 'x-pack/test/functional/es_archives/security_solution/timestamp_override_6'
 );
 await deleteSignalsIndex(supertest, log);
- await deleteAllAlerts(supertest, log);
+ await deleteAllRules(supertest, log);
 });
 // First test creates a real rule - remaining tests use preview API
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/rule_execution_logic/machine_learning.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/rule_execution_logic/machine_learning.ts
index 2bf1b0b26ce48..fe12454cf4591 100644
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/rule_execution_logic/machine_learning.ts
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/rule_execution_logic/machine_learning.ts
@@ -33,7 +33,7 @@ import {
 import { FtrProviderContext } from '../../common/ftr_provider_context';
 import {
 createRule,
- deleteAllAlerts,
+ deleteAllRules,
 deleteSignalsIndex,
 executeSetupModuleRequest,
 forceStartDatafeeds,
@@ -77,7 +77,7 @@ export default ({ getService }: FtrProviderContext) => {
 await esArchiver.unload('x-pack/test/functional/es_archives/auditbeat/hosts');
 await esArchiver.unload('x-pack/test/functional/es_archives/security_solution/anomalies');
 await deleteSignalsIndex(supertest, log);
- await deleteAllAlerts(supertest, log);
+ await deleteAllRules(supertest, log);
 });
 // First test creates a real rule - remaining tests use preview API
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/rule_execution_logic/new_terms.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/rule_execution_logic/new_terms.ts
index 647bc8f0c82a0..ded6e5487dbe5 100644
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/rule_execution_logic/new_terms.ts
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/rule_execution_logic/new_terms.ts
@@ -16,7 +16,7 @@ import {
 } from '@kbn/security-solution-plugin/server/lib/detection_engine/rule_types/new_terms/utils';
 import {
 createRule,
- deleteAllAlerts,
+ deleteAllRules,
 deleteSignalsIndex,
 getOpenSignals,
 getPreviewAlerts,
@@ -47,7 +47,7 @@ export default ({ getService }: FtrProviderContext) => {
 await esArchiver.unload('x-pack/test/functional/es_archives/auditbeat/hosts');
 await esArchiver.unload('x-pack/test/functional/es_archives/security_solution/new_terms');
 await deleteSignalsIndex(supertest, log);
- await deleteAllAlerts(supertest, log);
+ await deleteAllRules(supertest, log);
 });
 // First test creates a real rule - remaining tests use preview API
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/rule_execution_logic/non_ecs_fields.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/rule_execution_logic/non_ecs_fields.ts
index 46650ea0b8eb9..3c5368b7a23ad 100644
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/rule_execution_logic/non_ecs_fields.ts
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/rule_execution_logic/non_ecs_fields.ts
@@ -9,7 +9,7 @@ import expect from 'expect';
 import { v4 as uuidv4 } from 'uuid';
 import {
- deleteAllAlerts,
+ deleteAllRules,
 deleteSignalsIndex,
 getPreviewAlerts,
 getRuleForSignalTesting,
@@ -77,7 +77,7 @@ export default ({ getService }: FtrProviderContext) => {
 'x-pack/test/functional/es_archives/security_solution/ecs_non_compliant'
 );
 await deleteSignalsIndex(supertest, log);
- await deleteAllAlerts(supertest, log);
+ await deleteAllRules(supertest, log);
 });
 // source agent.name is object, ECS mapping for agent.name is keyword
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/rule_execution_logic/query.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/rule_execution_logic/query.ts
index 0b457365d4a8a..446163e0fc05b 100644
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/rule_execution_logic/query.ts
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/rule_execution_logic/query.ts
@@ -39,7 +39,7 @@ import {
 createExceptionList,
 createExceptionListItem,
 createRule,
- deleteAllAlerts,
+ deleteAllRules,
 deleteSignalsIndex,
 getOpenSignals,
 getPreviewAlerts,
@@ -84,7 +84,7 @@ export default ({ getService }: FtrProviderContext) => {
 await esArchiver.unload('x-pack/test/functional/es_archives/security_solution/alerts/8.1.0');
 await esArchiver.unload('x-pack/test/functional/es_archives/signals/severity_risk_overrides');
 await deleteSignalsIndex(supertest, log);
- await deleteAllAlerts(supertest, log);
+ await deleteAllRules(supertest, log);
 });
 // First test creates a real rule - most remaining tests use preview API
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/rule_execution_logic/saved_query.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/rule_execution_logic/saved_query.ts
index c6d26e994a99d..70903cc9ceb78 100644
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/rule_execution_logic/saved_query.ts
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/rule_execution_logic/saved_query.ts
@@ -18,7 +18,7 @@ import {
 } from '@kbn/security-solution-plugin/common/field_maps/field_names';
 import {
 createRule,
- deleteAllAlerts,
+ deleteAllRules,
 deleteSignalsIndex,
 getOpenSignals,
 getRuleForSignalTesting,
@@ -46,7 +46,7 @@ export default ({ getService }: FtrProviderContext) => {
 after(async () => {
 await esArchiver.unload('x-pack/test/functional/es_archives/auditbeat/hosts');
 await deleteSignalsIndex(supertest, log);
- await deleteAllAlerts(supertest, log);
+ await deleteAllRules(supertest, log);
 });
 // First test creates a real rule - remaining tests use preview API
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/rule_execution_logic/threat_match.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/rule_execution_logic/threat_match.ts
index dba116e46a751..df9a4fbce88ff 100644
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/rule_execution_logic/threat_match.ts
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/rule_execution_logic/threat_match.ts
@@ -37,7 +37,7 @@ import {
 getOpenSignals,
 getPreviewAlerts,
 deleteSignalsIndex,
- deleteAllAlerts,
+ deleteAllRules,
 createRule,
 } from '../../utils';
 import { FtrProviderContext } from '../../common/ftr_provider_context';
@@ -72,7 +72,7 @@ export default ({ getService }: FtrProviderContext) => {
 after(async () => {
 await esArchiver.unload('x-pack/test/functional/es_archives/auditbeat/hosts');
 await deleteSignalsIndex(supertest, log);
- await deleteAllAlerts(supertest, log);
+ await deleteAllRules(supertest, log);
 });
 // First 2 test creates a real rule - remaining tests use preview API
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/import_rules.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/import_rules.ts
index 135bf49c15ff9..0e1e1234dc7a4 100644
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/import_rules.ts
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/import_rules.ts
@@ -19,7 +19,7 @@ import { ROLES } from '@kbn/security-solution-plugin/common/test';
 import { FtrProviderContext } from '../../common/ftr_provider_context';
 import {
 createSignalsIndex,
- deleteAllAlerts,
+ deleteAllRules,
 deleteSignalsIndex,
 getSimpleRule,
 getSimpleRuleAsNdjson,
@@ -115,7 +115,7 @@ export default ({ getService }: FtrProviderContext): void => {
 afterEach(async () => {
 await deleteSignalsIndex(supertest, log);
- await deleteAllAlerts(supertest, log);
+ await deleteAllRules(supertest, log);
 });
 it('should successfully import rules without actions when user has no actions privileges', async () => {
 const { body } = await supertestWithoutAuth
@@ -240,7 +240,7 @@ export default ({ getService }: FtrProviderContext): void => {
 afterEach(async () => {
 await deleteSignalsIndex(supertest, log);
- await deleteAllAlerts(supertest, log);
+ await deleteAllRules(supertest, log);
 });
 it('should set the response content types to be expected', async () => {
diff --git a/x-pack/test/detection_engine_api_integration/utils/create_prebuilt_rule_saved_objects.ts b/x-pack/test/detection_engine_api_integration/utils/create_prebuilt_rule_saved_objects.ts
deleted file mode 100644
index c97f97d3a62a3..0000000000000
--- a/x-pack/test/detection_engine_api_integration/utils/create_prebuilt_rule_saved_objects.ts
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { Client } from '@elastic/elasticsearch';
-import {
- getPrebuiltRuleMock,
- getPrebuiltRuleWithExceptionsMock,
-} from '@kbn/security-solution-plugin/common/detection_engine/prebuilt_rules/model/prebuilt_rule.mock';
-
-/**
- * Rule signature id (`rule.rule_id`) of the prebuilt "Endpoint Security" rule.
- */
-export const ELASTIC_SECURITY_RULE_ID = '9a1a2dae-0b5f-4c3d-8305-a268d404c306';
-
-export const SAMPLE_PREBUILT_RULES = [
- {
- 'security-rule': {
- ...getPrebuiltRuleWithExceptionsMock(),
- rule_id: ELASTIC_SECURITY_RULE_ID,
- tags: ['test-tag-1'],
- enabled: true,
- },
- type: 'security-rule',
- references: [],
- coreMigrationVersion: '8.6.0',
- updated_at: '2022-11-01T12:56:39.717Z',
- created_at: '2022-11-01T12:56:39.717Z',
- },
- {
- 'security-rule': {
- ...getPrebuiltRuleMock(),
- rule_id: '000047bb-b27a-47ec-8b62-ef1a5d2c9e19',
- tags: ['test-tag-2'],
- },
- type: 'security-rule',
- references: [],
- coreMigrationVersion: '8.6.0',
- updated_at: '2022-11-01T12:56:39.717Z',
- created_at: '2022-11-01T12:56:39.717Z',
- },
- {
- 'security-rule': {
- ...getPrebuiltRuleMock(),
- rule_id: '00140285-b827-4aee-aa09-8113f58a08f3',
- tags: ['test-tag-3'],
- },
- type: 'security-rule',
- references: [],
- coreMigrationVersion: '8.6.0',
- updated_at: '2022-11-01T12:56:39.717Z',
- created_at: '2022-11-01T12:56:39.717Z',
- },
-];
-
-/**
- * Creates saved objects with prebuilt rule assets which can be used for installing actual prebuilt rules after that.
- *
- * @param es Elasticsearch client
- */
-export const createPrebuiltRuleAssetSavedObjects = async (es: Client): Promise => {
- await es.bulk({
- refresh: 'wait_for',
- body: SAMPLE_PREBUILT_RULES.flatMap((doc) => [
- { index: { _index: '.kibana', _id: `security-rule:${doc['security-rule'].rule_id}` } },
- doc,
- ]),
- });
-};
diff --git a/x-pack/test/detection_engine_api_integration/utils/create_rule.ts b/x-pack/test/detection_engine_api_integration/utils/create_rule.ts
index b110b8afb905d..b699649b64747 100644
--- a/x-pack/test/detection_engine_api_integration/utils/create_rule.ts
+++ b/x-pack/test/detection_engine_api_integration/utils/create_rule.ts
@@ -40,7 +40,7 @@ export const createRule = async (
 response.body
 )}, status: ${JSON.stringify(response.status)}`
 );
- await deleteRule(supertest, log, rule.rule_id);
+ await deleteRule(supertest, rule.rule_id);
 const secondResponseTry = await supertest
 .post(DETECTION_ENGINE_RULES_URL)
 .set('kbn-xsrf', 'true')
diff --git a/x-pack/test/detection_engine_api_integration/utils/delete_all_alerts.ts b/x-pack/test/detection_engine_api_integration/utils/delete_all_rules.ts
similarity index 95%
rename from x-pack/test/detection_engine_api_integration/utils/delete_all_alerts.ts
rename to x-pack/test/detection_engine_api_integration/utils/delete_all_rules.ts
index 95dd94399e414..1bd077defcac1 100644
--- a/x-pack/test/detection_engine_api_integration/utils/delete_all_alerts.ts
+++ b/x-pack/test/detection_engine_api_integration/utils/delete_all_rules.ts
@@ -18,7 +18,7 @@ import { countDownTest } from './count_down_test';
 * Removes all rules by looping over any found and removing them from REST.
 * @param supertest The supertest agent.
 */
-export const deleteAllAlerts = async (
+export const deleteAllRules = async (
 supertest: SuperTest.SuperTest,
 log: ToolingLog
): Promise => {
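Review bot: The retry path in `createRule` now calls `await deleteRule(supertest, rule.rule_id);`, and in this same commit `deleteRule` was changed to end in `.expect(200)`, so a failed cleanup delete now throws out of `createRule` before `secondResponseTry` is ever attempted. When the first create failed for a reason other than a leftover rule, the delete presumably returns a non-200 (nothing to delete) and the test aborts with supertest's status assertion instead of reaching the retry that was just logged as the plan. If the retry is meant to be best-effort, keep the old non-throwing behaviour here with `await deleteRule(supertest, rule.rule_id).catch((e: unknown) => log.error(`cleanup delete failed before retry: ${String(e)}`));`. The body of `createRule` begins and ends outside this hunk.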
@@ -37,7 +37,7 @@ export const deleteAllAlerts = async (
 passed: finalCheck.data.length === 0,
 };
 },
- 'deleteAllAlerts',
+ 'deleteAllRules',
 log,
 50,
 1000
diff --git a/x-pack/test/detection_engine_api_integration/utils/delete_rule.ts b/x-pack/test/detection_engine_api_integration/utils/delete_rule.ts
index a1678464def71..21914a6b40e3c 100644
--- a/x-pack/test/detection_engine_api_integration/utils/delete_rule.ts
+++ b/x-pack/test/detection_engine_api_integration/utils/delete_rule.ts
@@ -5,7 +5,6 @@
 * 2.0.
 */
-import type { ToolingLog } from '@kbn/tooling-log';
 import type SuperTest from 'supertest';
 import type { RuleResponse } from '@kbn/security-solution-plugin/common/detection_engine/rule_schema';
@@ -16,23 +15,15 @@ import { DETECTION_ENGINE_RULES_URL } from '@kbn/security-solution-plugin/common
 * It does not check for a 200 "ok" on this.
 * @param supertest The supertest deps
 * @param ruleId The rule id to delete
- * @param log The tooling logger
 */
 export const deleteRule = async (
 supertest: SuperTest.SuperTest,
- log: ToolingLog,
 ruleId: string
 ): Promise => {
 const response = await supertest
 .delete(`${DETECTION_ENGINE_RULES_URL}?rule_id=${ruleId}`)
- .set('kbn-xsrf', 'true');
- if (response.status !== 200) {
- log.error(
- `Did not get an expected 200 "ok" when deleting the rule (deleteRule). CI issues could happen. Suspect this line if you are seeing CI issues. body: ${JSON.stringify(
- response.body
- )}, status: ${JSON.stringify(response.status)}`
- );
- }
+ .set('kbn-xsrf', 'true')
+ .expect(200);
 return response.body;
 };
diff --git a/x-pack/test/detection_engine_api_integration/utils/get_prepackaged_rule_status.ts b/x-pack/test/detection_engine_api_integration/utils/get_prepackaged_rule_status.ts
deleted file mode 100644
index df680cc12e9c8..0000000000000
--- a/x-pack/test/detection_engine_api_integration/utils/get_prepackaged_rule_status.ts
+++ /dev/null
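Review bot: The JSDoc line kept as context at the top of the `deleteRule` hunk, `* It does not check for a 200 "ok" on this.`, is now false: the rewritten body ends in `.expect(200)`, which rejects on any other status instead of logging and returning. Callers that relied on the old best-effort semantics (the retry path in `createRule` touched by this same commit is one) will now see an exception from the delete itself, and the comment should say so. Replace that line with `* Asserts a 200 "ok" response and throws otherwise, so callers that treat a missing rule as non-fatal must catch it themselves.`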
@@ -1,34 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import type { ToolingLog } from '@kbn/tooling-log';
-import type SuperTest from 'supertest';
-import {
- PREBUILT_RULES_STATUS_URL,
- GetPrebuiltRulesAndTimelinesStatusResponse,
-} from '@kbn/security-solution-plugin/common/detection_engine/prebuilt_rules';
-
-/**
- * Helper to cut down on the noise in some of the tests. This
- * creates a new action and expects a 200 and does not do any retries.
- * @param supertest The supertest deps
- */
-export const getPrePackagedRulesStatus = async (
- supertest: SuperTest.SuperTest,
- log: ToolingLog
-): Promise => {
- const response = await supertest.get(PREBUILT_RULES_STATUS_URL).set('kbn-xsrf', 'true').send();
-
- if (response.status !== 200) {
- log.error(
- `Did not get an expected 200 "ok" when getting a pre-packaged rule status. CI issues could happen. Suspect this line if you are seeing CI issues. body: ${JSON.stringify(
- response.body
- )}, status: ${JSON.stringify(response.status)}`
- );
- }
- return response.body;
-};
diff --git a/x-pack/test/detection_engine_api_integration/utils/index.ts b/x-pack/test/detection_engine_api_integration/utils/index.ts
index 7d03141f58f10..63a2d9052d113 100644
--- a/x-pack/test/detection_engine_api_integration/utils/index.ts
+++ b/x-pack/test/detection_engine_api_integration/utils/index.ts
@@ -18,7 +18,7 @@ export * from './create_rule';
 export * from './create_rule_with_auth';
 export * from './create_rule_with_exception_entries';
 export * from './create_signals_index';
-export * from './delete_all_alerts';
+export * from './delete_all_rules';
 export * from './delete_all_event_log_execution_events';
 export * from './delete_all_rule_execution_info';
 export * from './delete_all_timelines';
@@ -40,7 +40,6 @@ export * from './get_legacy_action_notifications_so_by_id';
 export * from './get_legacy_action_so';
 export * from './get_legacy_actions_so_by_id';
 export * from './get_open_signals';
-export * from './get_prepackaged_rule_status';
 export * from './get_preview_alerts';
 export * from './get_query_all_signals';
 export * from './get_query_signal_ids';
@@ -79,7 +78,6 @@ export * from './get_threshold_rule_for_signal_testing';
 export * from './get_slack_action';
 export * from './get_web_hook_action';
 export * from './index_event_log_execution_events';
-export * from './install_prepackaged_rules';
 export * from './machine_learning_setup';
 export * from './perform_search_query';
 export * from './preview_rule_with_exception_entries';
@@ -100,3 +98,10 @@ export * from './wait_for_event_log_execute_complete';
 export * from './wait_for_index_to_populate';
 export * from './wait_for_rule_success_or_status';
 export * from './wait_for_signals_to_be_present';
+export * from './prebuilt_rules/create_prebuilt_rule_saved_objects';
+export * from './prebuilt_rules/delete_all_prebuilt_rule_assets';
+export * from './prebuilt_rules/delete_prebuilt_rules_fleet_package';
+export * from './prebuilt_rules/get_prebuilt_rules_and_timelines_status';
+export * from './prebuilt_rules/install_prebuilt_rules_fleet_package';
+export * from './prebuilt_rules/install_mock_prebuilt_rules';
+export * from './prebuilt_rules/install_prebuilt_rules_and_timelines';
diff --git a/x-pack/test/detection_engine_api_integration/utils/prebuilt_rules/create_prebuilt_rule_saved_objects.ts b/x-pack/test/detection_engine_api_integration/utils/prebuilt_rules/create_prebuilt_rule_saved_objects.ts
new file mode 100644
index 0000000000000..974cc4a001247
--- /dev/null
+++ b/x-pack/test/detection_engine_api_integration/utils/prebuilt_rules/create_prebuilt_rule_saved_objects.ts
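Review bot: The seven new `export * from './prebuilt_rules/...'` lines are appended after `wait_for_signals_to_be_present` rather than placed in the alphabetical order the rest of this barrel follows, and inside the group `install_prebuilt_rules_fleet_package` precedes `install_mock_prebuilt_rules`. Moving the block between `./perform_search_query` and `./preview_rule_with_exception_entries` and sorting its members (`install_mock_prebuilt_rules` before `install_prebuilt_rules_and_timelines` before `install_prebuilt_rules_fleet_package`) keeps the file easy to scan and avoids merge conflicts piling up at the tail. `install_prebuilt_rules_fleet_package` has no corresponding file in the visible part of this diff, so that export is presumably defined further down.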
@@ -0,0 +1,111 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { Client } from '@elastic/elasticsearch';
+import {
+ getPrebuiltRuleMock,
+ getPrebuiltRuleWithExceptionsMock,
+} from '@kbn/security-solution-plugin/common/detection_engine/prebuilt_rules/model/prebuilt_rule.mock';
+import { PrebuiltRuleToInstall } from '@kbn/security-solution-plugin/common/detection_engine/prebuilt_rules';
+
+/**
+ * Rule signature id (`rule.rule_id`) of the prebuilt "Endpoint Security" rule.
+ */
+export const ELASTIC_SECURITY_RULE_ID = '9a1a2dae-0b5f-4c3d-8305-a268d404c306';
+
+/**
+ * A helper function to create a rule asset saved object
+ *
+ * @param overrideParams Params to override the default mock
+ * @returns Created rule asset saved object
+ */
+export const createRuleAssetSavedObject = (overrideParams: Partial) => ({
+ 'security-rule': {
+ ...getPrebuiltRuleMock(),
+ ...overrideParams,
+ },
+ type: 'security-rule',
+ references: [],
+ coreMigrationVersion: '8.6.0',
+ updated_at: '2022-11-01T12:56:39.717Z',
+ created_at: '2022-11-01T12:56:39.717Z',
+});
+
+export const SAMPLE_PREBUILT_RULES = [
+ createRuleAssetSavedObject({
+ ...getPrebuiltRuleWithExceptionsMock(),
+ rule_id: ELASTIC_SECURITY_RULE_ID,
+ tags: ['test-tag-1'],
+ enabled: true,
+ }),
+ createRuleAssetSavedObject({
+ rule_id: '000047bb-b27a-47ec-8b62-ef1a5d2c9e19',
+ tags: ['test-tag-2'],
+ }),
+ createRuleAssetSavedObject({
+ rule_id: '00140285-b827-4aee-aa09-8113f58a08f3',
+ tags: ['test-tag-3'],
+ }),
+];
+
+export const SAMPLE_PREBUILT_RULES_WITH_HISTORICAL_VERSIONS = [
+ createRuleAssetSavedObject({ rule_id: 'rule-1', version: 1 }),
+ createRuleAssetSavedObject({ rule_id: 'rule-1', version: 2 }),
+ createRuleAssetSavedObject({ rule_id: 'rule-2', version: 1 }),
+ createRuleAssetSavedObject({ rule_id: 'rule-2', version: 2 }),
+ createRuleAssetSavedObject({ rule_id: 'rule-2', version: 3 }),
+];
+
+/**
+ * Creates saved objects with prebuilt rule assets which can be used for
+ * installing actual prebuilt rules after that. It creates saved objects with
+ * only latest versions of the rules. Tha matches the behavior of a rules
+ * package without historical versions.
+ *
+ * NOTE: Version is not added to the rule asset saved object id.
+ *
+ * @param es Elasticsearch client
+ */
+export const createPrebuiltRuleAssetSavedObjects = async (
+ es: Client,
+ rules = SAMPLE_PREBUILT_RULES
+): Promise => {
+ await es.bulk({
+ refresh: true,
+ body: rules.flatMap((doc) => [
+ { index: { _index: '.kibana', _id: `security-rule:${doc['security-rule'].rule_id}` } },
+ doc,
+ ]),
+ });
+};
+
+/**
+ * Creates saved objects with prebuilt rule assets which can be used for
+ * installing actual prebuilt rules after that. It creates saved objects with
+ * historical versions of the rules.
+ *
+ * NOTE: Version is added to the rule asset saved object id.
+ *
+ * @param es Elasticsearch client
+ */
+export const createHistoricalPrebuiltRuleAssetSavedObjects = async (
+ es: Client,
+ rules = SAMPLE_PREBUILT_RULES_WITH_HISTORICAL_VERSIONS
+): Promise => {
+ await es.bulk({
+ refresh: true,
+ body: rules.flatMap((doc) => [
+ {
+ index: {
+ _index: '.kibana',
+ _id: `security-rule:${doc['security-rule'].rule_id}_${doc['security-rule'].version}`,
+ },
+ },
+ doc,
+ ]),
+ });
+};
diff --git a/x-pack/test/detection_engine_api_integration/utils/delete_all_prebuilt_rules.ts b/x-pack/test/detection_engine_api_integration/utils/prebuilt_rules/delete_all_prebuilt_rule_assets.ts
similarity index 75%
rename from x-pack/test/detection_engine_api_integration/utils/delete_all_prebuilt_rules.ts
rename to x-pack/test/detection_engine_api_integration/utils/prebuilt_rules/delete_all_prebuilt_rule_assets.ts
index de89f80667aff..11f9c75c81cc1 100644
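Review bot: Neither `createPrebuiltRuleAssetSavedObjects` nor `createHistoricalPrebuiltRuleAssetSavedObjects` looks at the result of `es.bulk`, and the Elasticsearch client resolves a bulk call even when individual items were rejected — it reports them through `errors: true` and per-item `error` objects. A rejected asset (a mapping conflict in the mock document, a write block on `.kibana`) would therefore be silently dropped and surface only later as a confusing assertion on the prebuilt-rules status, which is the kind of flake this refactor is trying to remove. Capture the response and fail fast in both helpers; the same four lines apply to the historical variant. Separately, the first JSDoc has a typo: `Tha matches the behavior` should read `That matches the behavior`.
```typescript
  const response = await es.bulk({
    // … unchanged: refresh and body …
  });
  if (response.errors) {
    const failed = response.items.filter((item) => item.index?.error);
    throw new Error(`Failed to index prebuilt rule assets: ${JSON.stringify(failed)}`);
  }
```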
--- a/x-pack/test/detection_engine_api_integration/utils/delete_all_prebuilt_rules.ts
+++ b/x-pack/test/detection_engine_api_integration/utils/prebuilt_rules/delete_all_prebuilt_rule_assets.ts
@@ -8,11 +8,10 @@
 import type { Client } from '@elastic/elasticsearch';
 /**
- * Remove all prebuilt rules from the .kibana index
+ * Remove all prebuilt rule assets from the .kibana index
 * @param es The ElasticSearch handle
- * @param log The tooling logger
 */
-export const deleteAllPrebuiltRules = async (es: Client): Promise => {
+export const deleteAllPrebuiltRuleAssets = async (es: Client): Promise => {
 await es.deleteByQuery({
 index: '.kibana',
 q: 'type:security-rule',
diff --git a/x-pack/test/detection_engine_api_integration/utils/prebuilt_rules/delete_prebuilt_rules_fleet_package.ts b/x-pack/test/detection_engine_api_integration/utils/prebuilt_rules/delete_prebuilt_rules_fleet_package.ts
new file mode 100644
index 0000000000000..1bb596e2baeb1
--- /dev/null
+++ b/x-pack/test/detection_engine_api_integration/utils/prebuilt_rules/delete_prebuilt_rules_fleet_package.ts
@@ -0,0 +1,32 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { epmRouteService } from '@kbn/fleet-plugin/common';
+import type SuperTest from 'supertest';
+
+/**
+ * Delete the security_detection_engine package using fleet API.
+ *
+ * @param supertest Supertest instance
+ */
+export async function deletePrebuiltRulesFleetPackage(
+ supertest: SuperTest.SuperTest
+) {
+ const resp = await supertest
+ .get(epmRouteService.getInfoPath('security_detection_engine'))
+ .send()
+ .expect(200);
+
+ if (resp.body.response.status === 'installed') {
+ await supertest
+ .delete(
+ epmRouteService.getRemovePath('security_detection_engine', resp.body.response.version)
+ )
+ .set('kbn-xsrf', 'true')
+ .send({ force: true });
+ }
+}
diff --git a/x-pack/test/detection_engine_api_integration/utils/prebuilt_rules/get_prebuilt_rules_and_timelines_status.ts b/x-pack/test/detection_engine_api_integration/utils/prebuilt_rules/get_prebuilt_rules_and_timelines_status.ts
new file mode 100644
index 0000000000000..1b5177cecb058
--- /dev/null
+++ b/x-pack/test/detection_engine_api_integration/utils/prebuilt_rules/get_prebuilt_rules_and_timelines_status.ts
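Review bot: The uninstall request at the end of `deletePrebuiltRulesFleetPackage` is never checked — the `.delete(...)` chain stops at `.send({ force: true })` with no `.expect(200)`, unlike the preceding GET and every other helper added in this commit. If Fleet refuses the removal, the helper resolves normally and the next test runs with the `security_detection_engine` package still installed, which is exactly the state this cleanup exists to prevent. Append `.expect(200);` to the delete chain and give the function an explicit `: Promise<void>` return type so the contract is visible at the export. The GET asserting 200 presumably assumes the package is always resolvable from the registry even when it is not installed; if this suite can run without registry access, that assumption is worth confirming.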
@@ -0,0 +1,29 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import {
+ GetPrebuiltRulesAndTimelinesStatusResponse,
+ PREBUILT_RULES_STATUS_URL,
+} from '@kbn/security-solution-plugin/common/detection_engine/prebuilt_rules';
+import type SuperTest from 'supertest';
+
+/**
+ * Helper to retrieve the prebuilt rules status
+ *
+ * @param supertest The supertest deps
+ */
+export const getPrebuiltRulesAndTimelinesStatus = async (
+ supertest: SuperTest.SuperTest
+): Promise => {
+ const response = await supertest
+ .get(PREBUILT_RULES_STATUS_URL)
+ .set('kbn-xsrf', 'true')
+ .send()
+ .expect(200);
+
+ return response.body;
+};
diff --git a/x-pack/test/detection_engine_api_integration/utils/install_prepackaged_rules.ts b/x-pack/test/detection_engine_api_integration/utils/prebuilt_rules/install_mock_prebuilt_rules.ts
similarity index 51%
rename from x-pack/test/detection_engine_api_integration/utils/install_prepackaged_rules.ts
rename to x-pack/test/detection_engine_api_integration/utils/prebuilt_rules/install_mock_prebuilt_rules.ts
index 9f48a378832f0..9cd3aabe5f79e 100644
--- a/x-pack/test/detection_engine_api_integration/utils/install_prepackaged_rules.ts
+++ b/x-pack/test/detection_engine_api_integration/utils/prebuilt_rules/install_mock_prebuilt_rules.ts
@@ -6,28 +6,23 @@
 */
 import { Client } from '@elastic/elasticsearch';
-import {
- InstallPrebuiltRulesAndTimelinesResponse,
- PREBUILT_RULES_URL,
-} from '@kbn/security-solution-plugin/common/detection_engine/prebuilt_rules';
-import type { ToolingLog } from '@kbn/tooling-log';
+import { InstallPrebuiltRulesAndTimelinesResponse } from '@kbn/security-solution-plugin/common/detection_engine/prebuilt_rules';
 import type SuperTest from 'supertest';
 import { createPrebuiltRuleAssetSavedObjects } from './create_prebuilt_rule_saved_objects';
+import { installPrebuiltRulesAndTimelines } from './install_prebuilt_rules_and_timelines';
-export const installPrePackagedRules = async (
+/**
+ * Creates prebuilt rule mocks and installs them
+ *
+ * @param supertest Supertest instance
+ * @param es Elasticsearch client
+ * @returns Install prebuilt rules response
+ */
+export const installMockPrebuiltRules = async (
 supertest: SuperTest.SuperTest,
- es: Client,
- log: ToolingLog
+ es: Client
 ): Promise => {
 // Ensure there are prebuilt rule saved objects before installing rules
 await createPrebuiltRuleAssetSavedObjects(es);
- const response = await supertest.put(PREBUILT_RULES_URL).set('kbn-xsrf', 'true').send();
- if (response.status !== 200) {
- log.error(
- `Did not get an expected 200 "ok" when installing prebuilt rules. body: ${JSON.stringify(
- response.body
- )}, status: ${JSON.stringify(response.status)}`
- );
- }
- return response.body;
+ return installPrebuiltRulesAndTimelines(supertest);
 };
diff --git a/x-pack/test/detection_engine_api_integration/utils/prebuilt_rules/install_prebuilt_rules_and_timelines.ts b/x-pack/test/detection_engine_api_integration/utils/prebuilt_rules/install_prebuilt_rules_and_timelines.ts
new file mode 100644
index 0000000000000..c9729dd1654df
--- /dev/null
+++ b/x-pack/test/detection_engine_api_integration/utils/prebuilt_rules/install_prebuilt_rules_and_timelines.ts
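Review bot: `import { Client } from '@elastic/elasticsearch';` at the top of this hunk is a value import whose only use is the `es: Client` type annotation, while the sibling helper renamed earlier in this patch (delete_all_prebuilt_rule_assets.ts) spells the same import as `import type { Client } from '@elastic/elasticsearch';`. Since the file is being renamed and its imports rewritten anyway, switching to `import type { Client } from '@elastic/elasticsearch';` keeps the two prebuilt_rules helpers consistent and makes the type-only dependency explicit. The same consideration applies to `InstallPrebuiltRulesAndTimelinesResponse` on the following added line, which is only used in the return type, provided the module exports it purely as a type (if a runtime value of that name also exists, `import { type InstallPrebuiltRulesAndTimelinesResponse }` expresses the intent without changing the import).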
@@ -0,0 +1,37 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import {
+ InstallPrebuiltRulesAndTimelinesResponse,
+ PREBUILT_RULES_URL,
+} from '@kbn/security-solution-plugin/common/detection_engine/prebuilt_rules';
+import type SuperTest from 'supertest';
+
+/**
+ * Installs all prebuilt rules and timelines available in Kibana. Rules are
+ * installed from the security-rule saved objects.
+ *
+ * - No rules will be installed if there are no security-rule assets (e.g., the
+ * package is not installed or mocks are not created).
+ *
+ * - If some prebuilt rules are already installed, they will be upgraded in case
+ * there are newer versions of them in security-rule assets.
+ *
+ * @param supertest SuperTest instance
+ * @returns Install prebuilt rules response
+ */
+export const installPrebuiltRulesAndTimelines = async (
+ supertest: SuperTest.SuperTest
+): Promise => {
+ const response = await supertest
+ .put(PREBUILT_RULES_URL)
+ .set('kbn-xsrf', 'true')
+ .send()
+ .expect(200);
+
+ return response.body;
+};
diff --git a/x-pack/test/detection_engine_api_integration/utils/install_detection_rules_package_from_fleet.ts b/x-pack/test/detection_engine_api_integration/utils/prebuilt_rules/install_prebuilt_rules_fleet_package.ts
similarity index 57%
rename from x-pack/test/detection_engine_api_integration/utils/install_detection_rules_package_from_fleet.ts
rename to x-pack/test/detection_engine_api_integration/utils/prebuilt_rules/install_prebuilt_rules_fleet_package.ts
index 72408d8fd2af1..30435caa5a7c3 100644
--- a/x-pack/test/detection_engine_api_integration/utils/install_detection_rules_package_from_fleet.ts
+++ b/x-pack/test/detection_engine_api_integration/utils/prebuilt_rules/install_prebuilt_rules_fleet_package.ts
@@ -6,37 +6,46 @@
 */
 import { epmRouteService } from '@kbn/fleet-plugin/common';
-import { InstallPackageResponse } from '@kbn/fleet-plugin/common/types';
-import type { ToolingLog } from '@kbn/tooling-log';
 import type SuperTest from 'supertest';
 /**
- * Installed the security_detection_engine package via fleet API. Will
+ * Installs the `security_detection_engine` package via fleet API. This will
+ * create real `security-rule` asset saved objects from the package.
+ *
 * @param supertest The supertest deps
- * @param log The tooling logger
 * @param version The version to install, e.g. '8.4.1'
 * @param overrideExistingPackage Whether or not to force the install
 */
-export const installDetectionRulesPackageFromFleet = async (
- supertest: SuperTest.SuperTest,
- log: ToolingLog,
- version: string,
- overrideExistingPackage: true
-): Promise => {
- const response = await supertest
- .post(epmRouteService.getInstallPath('security_detection_engine', version))
- .set('kbn-xsrf', 'true')
- .send({
- force: overrideExistingPackage,
- });
- if (response.status !== 200) {
- log.error(
- `Did not get an expected 200 "ok" when installing 'security_detection_engine' fleet package'. 
body: ${JSON.stringify(
- response.body
- )}, status: ${JSON.stringify(response.status)}`
- );
+export const installPrebuiltRulesFleetPackage = async ({
+ supertest,
+ version,
+ overrideExistingPackage,
+}: {
+ supertest: SuperTest.SuperTest;
+ version?: string;
+ overrideExistingPackage: boolean;
+}): Promise => {
+ if (version) {
+ // Install a specific version
+ await supertest
+ .post(epmRouteService.getInstallPath('security_detection_engine', version))
+ .set('kbn-xsrf', 'true')
+ .send({
+ force: overrideExistingPackage,
+ })
+ .expect(200);
+ } else {
+ // Install the latest version
+ await supertest
+ .post(epmRouteService.getBulkInstallPath())
+ .query({ prerelease: true })
+ .set('kbn-xsrf', 'true')
+ .send({
+ packages: ['security_detection_engine'],
+ force: overrideExistingPackage,
+ })
+ .expect(200);
 }
- return response.body;
 };
 /**
diff --git a/x-pack/test/rule_registry/security_and_spaces/tests/basic/search_strategy.ts b/x-pack/test/rule_registry/security_and_spaces/tests/basic/search_strategy.ts
index 87c8247c171bd..2ae73e97ed845 100644
--- a/x-pack/test/rule_registry/security_and_spaces/tests/basic/search_strategy.ts
+++ b/x-pack/test/rule_registry/security_and_spaces/tests/basic/search_strategy.ts
@@ -13,7 +13,7 @@ import { FtrProviderContext } from '../../../common/ftr_provider_context';
 import {
 deleteSignalsIndex,
 createSignalsIndex,
- deleteAllAlerts,
+ deleteAllRules,
 getRuleForSignalTesting,
 createRule,
 waitForSignalsToBePresent,
@@ -128,7 +128,7 @@ export default ({ getService }: FtrProviderContext) => {
 after(async () => {
 await deleteSignalsIndex(supertest, log);
- await deleteAllAlerts(supertest, log);
+ await deleteAllRules(supertest, log);
 await esArchiver.unload('x-pack/test/functional/es_archives/auditbeat/hosts');
 await esArchiver.unload('x-pack/test/functional/es_archives/observability/alerts');
 });
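Review bot: When `version` is omitted, the `else` branch of installPrebuiltRulesFleetPackage bulk-installs whatever the registry serves at that moment, and `.query({ prerelease: true })` widens that to prerelease builds, so a caller that does not pin a version can get a different rule package on every run; the docstring does not say this, and its `@param version` line should, e.g. `@param version The version to install, e.g. '8.4.1'. When omitted, the latest available version (prereleases included) is installed through the bulk install endpoint.`. In the same branch `.expect(200)` checks only the HTTP status; if the bulk install endpoint reports per-package failures inside a 200 body (as I believe Fleet's bulk API does), a failed install of `security_detection_engine` passes unnoticed here and only surfaces later as missing `security-rule` assets, so asserting on the returned item for `security_detection_engine` would make the helper fail fast. The trailing `/**` context line belongs to the next definition, which lies outside this hunk.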
diff --git a/x-pack/test/security_solution_ftr/services/detections/index.ts b/x-pack/test/security_solution_ftr/services/detections/index.ts
index e212a09a5d21a..8e1856261dfc9 100644
--- a/x-pack/test/security_solution_ftr/services/detections/index.ts
+++ b/x-pack/test/security_solution_ftr/services/detections/index.ts
@@ -21,7 +21,7 @@ import { wrapErrorIfNeeded } from '@kbn/security-solution-plugin/common/endpoint
 import { FtrService } from '../../../functional/ftr_provider_context';
 import { EndpointRuleAlertGenerator } from './endpoint_rule_alert_generator';
 import { getAlertsIndexMappings } from './alerts_security_index_mappings';
-import { ELASTIC_SECURITY_RULE_ID } from '../../../detection_engine_api_integration/utils/create_prebuilt_rule_saved_objects';
+import { ELASTIC_SECURITY_RULE_ID } from '../../../detection_engine_api_integration/utils/prebuilt_rules/create_prebuilt_rule_saved_objects';
 export interface IndexedEndpointRuleAlerts {
 alerts: estypes.WriteResponseBase[];