Skip to content

Commit

Permalink
refactor test
Browse files Browse the repository at this point in the history
  • Loading branch information
@MadameSheema
MadameSheema committed Mar 10, 2020
1 parent 4eede8f commit 7b508d5
Show file tree
Hide file tree
Showing 8 changed files with 345 additions and 165 deletions.
246 changes: 83 additions & 163 deletions x-pack/legacy/plugins/siem/cypress/integration/signal_detection_rules.spec.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,10 +4,46 @@
* you may not use this file except in compliance with the Elastic License.
*/

import { ELASTIC_RULES_BTN, RULES_TABLE, RULES_ROW } from '../screens/signal_detection_rules';
import { newRule } from '../objects/rule';

import {
ABOUT_DESCRIPTION,
ABOUT_EXPECTED_URLS,
ABOUT_FALSE_POSITIVES,
ABOUT_MITRE,
ABOUT_RISK,
ABOUT_RULE_DESCRIPTION,
ABOUT_SEVERITY,
ABOUT_TAGS,
ABOUT_TIMELINE,
DEFINITION_CUSTOM_QUERY,
DEFINITION_DESCRIPTION,
DEFINITION_INDEX_PATTERNS,
RULE_NAME_HEADER,
SCHEDULE_DESCRIPTION,
SCHEDULE_LOOPBACK,
SCHEDULE_RUNS,
} from '../screens/rule_details';
import {
CUSTOM_RULES_BTN,
ELASTIC_RULES_BTN,
RISK_SCORE,
RULE_NAME,
RULES_TABLE,
RULES_ROW,
SEVERITY,
} from '../screens/signal_detection_rules';

import {
createAndActivateRule,
fillAboutRuleAndContinue,
fillDefineRuleAndContinue,
} from '../tasks/create_new_rule';
import {
changeToThreeHundredRowsPerPage,
filterByCustomRules,
goToCreateNewRule,
goToRuleDetails,
loadPrebuiltDetectionRules,
waitForLoadElasticPrebuiltDetectionRulesTableToBeLoaded,
waitForPrebuiltDetectionRulesToBeLoaded,
Expand All @@ -18,14 +54,14 @@ import {
waitForSignalsIndexToBeCreated,
waitForSignalsPanelToBeLoaded,
} from '../tasks/detections';
import { esArchiverLoadFolder, esArchiverResetKibana } from '../tasks/es_archiver';
import { esArchiverLoadEmptyKibana, esArchiverUnloadEmptyKibana } from '../tasks/es_archiver';
import { loginAndWaitForPageWithoutDateRange } from '../tasks/login';

import { DETECTIONS } from '../urls/navigation';

describe('Signal detection rules', () => {
before(() => {
esArchiverLoadFolder();
esArchiverLoadEmptyKibana();
loginAndWaitForPageWithoutDateRange(DETECTIONS);
waitForSignalsPanelToBeLoaded();
waitForSignalsIndexToBeCreated();
Expand All @@ -34,7 +70,7 @@ describe('Signal detection rules', () => {
});

after(() => {
esArchiverResetKibana();
esArchiverUnloadEmptyKibana();
});

it('Loads prebuilt rules', () => {
Expand All @@ -56,114 +92,12 @@ describe('Signal detection rules', () => {
});

it('Creates and activates new rule', () => {
cy.get('[data-test-subj="create-new-rule"]').click({ force: true });

interface Mitre {
tactic: string;
techniques: string[];
}

interface Rule {
customQuery: string;
name: string;
description: string;
severity: string;
riskScore: string;
tags: string[];
timelineTemplate?: string;
referenceUrls: string[];
falsePositivesExamples: string[];
mitre: Mitre[];
}

const mitre1: Mitre = {
tactic: 'Discovery (TA0007)',
techniques: ['Cloud Service Discovery (T1526)', 'File and Directory Discovery (T1083)'],
};

const mitre2: Mitre = {
tactic: 'Execution (TA0002)',
techniques: ['CMSTP (T1191)'],
};

const newRule: Rule = {
customQuery: 'hosts.name: *',
name: 'New Rule Test',
description: 'The new rule description.',
severity: 'High',
riskScore: '17',
tags: ['test', 'newRule'],
referenceUrls: ['https://www.google.com/', 'https://elastic.co/'],
falsePositivesExamples: ['False1', 'False2'],
mitre: [mitre1, mitre2],
};

cy.get('[data-test-subj="queryInput"]').type(newRule.customQuery);
cy.get('[data-test-subj="continue"]')
.should('exist')
.click({ force: true });
cy.get('[data-test-subj="queryInput"]').should('not.exist');

cy.get(
'[data-test-subj="detectionEngineStepAboutRuleName"] [data-test-subj="input"]'
).type(newRule.name, { force: true });
cy.get(
'[data-test-subj="detectionEngineStepAboutRuleDescription"] [data-test-subj="input"]'
).type(newRule.description, { force: true });
cy.get('[data-test-subj="select"]').click({ force: true });

cy.get(`#${newRule.severity.toLowerCase()}`).click();
cy.get('.euiRangeInput')
.clear({ force: true })
.type(`${newRule.riskScore}`, { force: true });

newRule.tags.forEach(tag => {
cy.get(
'[data-test-subj="detectionEngineStepAboutRuleTags"] [data-test-subj="comboBoxSearchInput"]'
).type(`${tag}{enter}`, { force: true });
});
cy.get('[data-test-subj="advancedSettings"] .euiAccordion__button').click({ force: true });

newRule.referenceUrls.forEach((url, index) => {
cy.get('[data-test-subj="detectionEngineStepAboutRuleReferenceUrls"] input')
.eq(index)
.type(url, { force: true });
cy.get(
'[data-test-subj="detectionEngineStepAboutRuleReferenceUrls"] .euiButtonEmpty__text'
).click({ force: true });
});

newRule.falsePositivesExamples.forEach((falsePositive, index) => {
cy.get('[data-test-subj="detectionEngineStepAboutRuleFalsePositives"] input')
.eq(index)
.type(falsePositive, { force: true });
cy.get(
'[data-test-subj="detectionEngineStepAboutRuleFalsePositives"] .euiButtonEmpty__text'
).click({ force: true });
});

newRule.mitre.forEach((mitre, index) => {
cy.get('[data-test-subj="mitreTactic"]')
.eq(index)
.click({ force: true });
cy.contains('.euiContextMenuItem__text', mitre.tactic).click();

mitre.techniques.forEach(technique => {
cy.get('[data-test-subj="mitreTechniques"] [data-test-subj="comboBoxSearchInput"]')
.eq(index)
.type(`${technique}{enter}`, { force: true });
});
cy.get('[data-test-subj="addMitre"]').click({ force: true });
});
goToCreateNewRule();
fillDefineRuleAndContinue(newRule);
fillAboutRuleAndContinue(newRule);
createAndActivateRule();

cy.get('[data-test-subj="about-continue"]')
.should('exist')
.click({ force: true });

cy.get('[data-test-subj="create-activate"]').click({ force: true });
cy.get('[data-test-subj="create-activate"]').should('not.exist');

cy.get('[data-test-subj="show-custom-rules-filter-button"]')
cy.get(CUSTOM_RULES_BTN)
.invoke('text')
.should('eql', 'Custom rules (1)');

Expand All @@ -175,26 +109,27 @@ describe('Signal detection rules', () => {
cy.wrap($table.find(RULES_ROW).length).should('eql', expectedNumberOfRules);
});

cy.get('[data-test-subj="show-custom-rules-filter-button"]').click({ force: true });
cy.get('[data-test-subj="loading-spinner"]').should('exist');
cy.get('[data-test-subj="loading-spinner"]').should('not.exist');
filterByCustomRules();

cy.get(RULES_TABLE).then($table => {
cy.wrap($table.find(RULES_ROW).length).should('eql', 1);
});

cy.get('[data-test-subj="ruleName"]')
cy.get(RULE_NAME)
.invoke('text')
.should('eql', newRule.name);
cy.get('[data-test-subj="riskScore"]')
cy.get(RISK_SCORE)
.invoke('text')
.should('eql', newRule.riskScore);
cy.get('[data-test-subj="severity"]')
cy.get(SEVERITY)
.invoke('text')
.should('eql', newRule.severity);
cy.get('[data-test-subj="rule-switch"]').should('have.attr', 'aria-checked', 'true');

cy.get('[data-test-subj="ruleName"]').click({ force: true });
goToRuleDetails();

cy.get(RULE_NAME_HEADER)
.invoke('text')
.should('eql', `${newRule.name} Beta`);

const expectedIndexPatterns = [
'apm-*-transaction*',
Expand All @@ -204,93 +139,78 @@ describe('Signal detection rules', () => {
'packetbeat-*',
'winlogbeat-*',
];

cy.get('.euiLoadingSpinner').should('exist');
cy.get('.euiLoadingSpinner').should('not.exist');

cy.get('[data-test-subj="definition"] .euiDescriptionList__description .euiBadge__text').then(
patterns => {
cy.wrap(patterns).each((pattern, index) => {
cy.wrap(pattern)
.invoke('text')
.should('eql', expectedIndexPatterns[index]);
});
}
);

cy.get('[data-test-subj="definition"] .euiDescriptionList__description')
.eq(1)
cy.get(DEFINITION_INDEX_PATTERNS).then(patterns => {
cy.wrap(patterns).each((pattern, index) => {
cy.wrap(pattern)
.invoke('text')
.should('eql', expectedIndexPatterns[index]);
});
});
cy.get(DEFINITION_DESCRIPTION)
.eq(DEFINITION_CUSTOM_QUERY)
.invoke('text')
.should('eql', `${newRule.customQuery} `);

cy.get('[data-test-subj="aboutRule"] .euiDescriptionList__description')
.eq(0)
cy.get(ABOUT_DESCRIPTION)
.eq(ABOUT_RULE_DESCRIPTION)
.invoke('text')
.should('eql', newRule.description);
cy.get('[data-test-subj="aboutRule"] .euiDescriptionList__description')
.eq(1)
cy.get(ABOUT_DESCRIPTION)
.eq(ABOUT_SEVERITY)
.invoke('text')
.should('eql', newRule.severity);
cy.get('[data-test-subj="aboutRule"] .euiDescriptionList__description')
.eq(2)
cy.get(ABOUT_DESCRIPTION)
.eq(ABOUT_RISK)
.invoke('text')
.should('eql', newRule.riskScore);
cy.get('[data-test-subj="aboutRule"] .euiDescriptionList__description')
.eq(3)
cy.get(ABOUT_DESCRIPTION)
.eq(ABOUT_TIMELINE)
.invoke('text')
.should('eql', 'Default blank timeline');

let expectedUrls = '';

newRule.referenceUrls.forEach(url => {
expectedUrls = expectedUrls + url;
});
cy.get('[data-test-subj="aboutRule"] .euiDescriptionList__description')
.eq(4)
cy.get(ABOUT_DESCRIPTION)
.eq(ABOUT_EXPECTED_URLS)
.invoke('text')
.should('eql', expectedUrls);

let expectedFalsePositives = '';

newRule.falsePositivesExamples.forEach(falsePositive => {
expectedFalsePositives = expectedFalsePositives + falsePositive;
});
cy.get('[data-test-subj="aboutRule"] .euiDescriptionList__description')
.eq(5)
cy.get(ABOUT_DESCRIPTION)
.eq(ABOUT_FALSE_POSITIVES)
.invoke('text')
.should('eql', expectedFalsePositives);

let expectedMitre = '';

newRule.mitre.forEach(mitre => {
expectedMitre = expectedMitre + mitre.tactic;
mitre.techniques.forEach(technique => {
expectedMitre = expectedMitre + technique;
});
});

cy.get('[data-test-subj="aboutRule"] .euiDescriptionList__description')
.eq(6)
cy.get(ABOUT_DESCRIPTION)
.eq(ABOUT_MITRE)
.invoke('text')
.should('eql', expectedMitre);

let expectedTags = '';

newRule.tags.forEach(tag => {
expectedTags = expectedTags + tag;
});

cy.get('[data-test-subj="aboutRule"] .euiDescriptionList__description')
.eq(7)
cy.get(ABOUT_DESCRIPTION)
.eq(ABOUT_TAGS)
.invoke('text')
.should('eql', expectedTags);

cy.get('[data-test-subj="schedule"] .euiDescriptionList__description')
.eq(0)
cy.get(SCHEDULE_DESCRIPTION)
.eq(SCHEDULE_RUNS)
.invoke('text')
.should('eql', '5m');
cy.get('[data-test-subj="schedule"] .euiDescriptionList__description')
.eq(1)
cy.get(SCHEDULE_DESCRIPTION)
.eq(SCHEDULE_LOOPBACK)
.invoke('text')
.should('eql', '1m');
});
Expand Down
45 changes: 45 additions & 0 deletions x-pack/legacy/plugins/siem/cypress/objects/rule.ts
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,45 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/

interface Mitre {
tactic: string;
techniques: string[];
}

export interface Rule {
customQuery: string;
name: string;
description: string;
severity: string;
riskScore: string;
tags: string[];
timelineTemplate?: string;
referenceUrls: string[];
falsePositivesExamples: string[];
mitre: Mitre[];
}

const mitre1: Mitre = {
tactic: 'Discovery (TA0007)',
techniques: ['Cloud Service Discovery (T1526)', 'File and Directory Discovery (T1083)'],
};

const mitre2: Mitre = {
tactic: 'Execution (TA0002)',
techniques: ['CMSTP (T1191)'],
};

export const newRule: Rule = {
customQuery: 'hosts.name: *',
name: 'New Rule Test',
description: 'The new rule description.',
severity: 'High',
riskScore: '17',
tags: ['test', 'newRule'],
referenceUrls: ['https://www.google.com/', 'https://elastic.co/'],
falsePositivesExamples: ['False1', 'False2'],
mitre: [mitre1, mitre2],
};
Loading

0 comments on commit 7b508d5

Please sign in to comment.