[TIP] Add to blocklist functionality (#148516)

elastic · Jan 17, 2023 · d9b3a4f · d9b3a4f
1 parent 92418a6
commit d9b3a4f
Show file tree

Hide file tree

Showing 24 changed files with 779 additions and 7 deletions.
diff --git a/x-pack/plugins/security_solution/public/threat_intelligence/routes.tsx b/x-pack/plugins/security_solution/public/threat_intelligence/routes.tsx
@@ -12,6 +12,9 @@ import { THREAT_INTELLIGENCE_BASE_PATH } from '@kbn/threat-intelligence-plugin/p
 import type { SourcererDataView } from '@kbn/threat-intelligence-plugin/public/types';
 import type { Store } from 'redux';
 import { useSelector } from 'react-redux';
+import { useSetUrlParams } from '../management/components/artifact_list_page/hooks/use_set_url_params';
+import { BlockListForm } from '../management/pages/blocklist/view/components/blocklist_form';
+import { BlocklistsApiClient } from '../management/pages/blocklist/services';
 import { useInvestigateInTimeline } from './use_investigate_in_timeline';
 import { getStore, inputsSelectors } from '../common/store';
 import { useKibana } from '../common/lib/kibana';
@@ -26,9 +29,10 @@ import { SiemSearchBar } from '../common/components/search_bar';
 import { useGlobalTime } from '../common/containers/use_global_time';
 import { deleteOneQuery, setQuery } from '../common/store/inputs/actions';
 import { InputsModelId } from '../common/store/inputs/constants';
+import { ArtifactFlyout } from '../management/components/artifact_list_page/components/artifact_flyout';
 
 const ThreatIntelligence = memo(() => {
-  const { threatIntelligence } = useKibana().services;
+  const { threatIntelligence, http } = useKibana().services;
   const ThreatIntelligencePlugin = threatIntelligence.getComponent();
 
   const sourcererDataView = useSourcererDataView();
@@ -44,6 +48,15 @@ const ThreatIntelligence = memo(() => {
     sourcererDataView: sourcererDataView as unknown as SourcererDataView,
     getUseInvestigateInTimeline: useInvestigateInTimeline,
 
+    blockList: {
+      exceptionListApiClient: BlocklistsApiClient.getInstance(http),
+      useSetUrlParams,
+      // @ts-ignore
+      getFlyoutComponent: () => ArtifactFlyout,
+      // @ts-ignore
+      getFormComponent: () => BlockListForm,
+    },
+
     useQuery: () => useSelector(inputsSelectors.globalQuerySelector()),
     useFilters: () => useSelector(inputsSelectors.globalFiltersQuerySelector()),
     useGlobalTime,

diff --git a/x-pack/plugins/threat_intelligence/cypress/e2e/block_list.cy.ts b/x-pack/plugins/threat_intelligence/cypress/e2e/block_list.cy.ts
@@ -0,0 +1,92 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import {
+  BLOCK_LIST_ADD_BUTTON,
+  BLOCK_LIST_DESCRIPTION,
+  BLOCK_LIST_NAME,
+  BLOCK_LIST_TOAST_LIST,
+  FLYOUT_ADD_TO_BLOCK_LIST_ITEM,
+  FLYOUT_TAKE_ACTION_BUTTON,
+  INDICATORS_TABLE_ADD_TO_BLOCK_LIST_BUTTON_ICON,
+  INDICATORS_TABLE_MORE_ACTION_BUTTON_ICON,
+  TOGGLE_FLYOUT_BUTTON,
+} from '../screens/indicators';
+import { login } from '../tasks/login';
+import { esArchiverLoad, esArchiverUnload } from '../tasks/es_archiver';
+import { selectRange } from '../tasks/select_range';
+
+const THREAT_INTELLIGENCE = '/app/security/threat_intelligence/indicators';
+
+const BLOCK_LIST_NEW_NAME = 'new blocklist entry';
+
+const fillBlocklistForm = () => {
+  cy.get(BLOCK_LIST_NAME).type(BLOCK_LIST_NEW_NAME);
+  cy.get(BLOCK_LIST_DESCRIPTION).type('the best description');
+  cy.get(BLOCK_LIST_ADD_BUTTON).last().click();
+
+  const text: string = `"${BLOCK_LIST_NEW_NAME}" has been added`;
+  cy.get(BLOCK_LIST_TOAST_LIST).should('exist').and('contain.text', text);
+};
+
+describe('Block list with invalid indicators', () => {
+  before(() => {
+    esArchiverLoad('threat_intelligence/invalid_indicators_data');
+    login();
+  });
+
+  beforeEach(() => {
+    cy.visit(THREAT_INTELLIGENCE);
+    selectRange();
+  });
+
+  after(() => {
+    esArchiverUnload('threat_intelligence/invalid_indicators_data');
+  });
+
+  it('should disabled the indicators table context menu item if invalid indicator', () => {
+    cy.get(INDICATORS_TABLE_MORE_ACTION_BUTTON_ICON).eq(3).click();
+    cy.get(INDICATORS_TABLE_ADD_TO_BLOCK_LIST_BUTTON_ICON).should('be.disabled');
+  });
+
+  it('should disable the flyout context menu items if invalid indicator', () => {
+    cy.get(TOGGLE_FLYOUT_BUTTON).eq(3).click({ force: true });
+    cy.get(FLYOUT_TAKE_ACTION_BUTTON).first().click();
+    cy.get(FLYOUT_ADD_TO_BLOCK_LIST_ITEM).should('be.disabled');
+  });
+});
+
+describe('Block list interactions', () => {
+  before(() => {
+    esArchiverLoad('threat_intelligence/indicators_data');
+    login();
+  });
+
+  beforeEach(() => {
+    cy.visit(THREAT_INTELLIGENCE);
+    selectRange();
+  });
+
+  after(() => {
+    esArchiverUnload('threat_intelligence/indicators_data');
+  });
+
+  it('should add to block list from the indicators table', () => {
+    cy.get(INDICATORS_TABLE_MORE_ACTION_BUTTON_ICON).first().click();
+    cy.get(INDICATORS_TABLE_ADD_TO_BLOCK_LIST_BUTTON_ICON).first().click();
+
+    fillBlocklistForm();
+  });
+
+  it('should add to block list from the indicator flyout', () => {
+    cy.get(TOGGLE_FLYOUT_BUTTON).first().click({ force: true });
+    cy.get(FLYOUT_TAKE_ACTION_BUTTON).first().click();
+    cy.get(FLYOUT_ADD_TO_BLOCK_LIST_ITEM).first().click();
+
+    fillBlocklistForm();
+  });
+});
diff --git a/x-pack/plugins/threat_intelligence/cypress/screens/indicators.ts b/x-pack/plugins/threat_intelligence/cypress/screens/indicators.ts
@@ -17,6 +17,7 @@ import {
 } from '../../public/modules/indicators/components/barchart/legend_action/test_ids';
 import { DROPDOWN_TEST_ID } from '../../public/modules/indicators/components/barchart/field_selector/test_ids';
 import {
+  ADD_TO_BLOCK_LIST_TEST_ID as INDICATOR_FLYOUT_TAKE_ACTION_ADD_TO_BLOCK_LIST_TEST_ID,
   ADD_TO_EXISTING_CASE_TEST_ID as INDICATOR_FLYOUT_TAKE_ACTION_ADD_TO_EXISTING_CASE_TEST_ID,
   ADD_TO_NEW_CASE_TEST_ID as INDICATOR_FLYOUT_TAKE_ACTION_ADD_TO_NEW_CASE_TEST_ID,
   INVESTIGATE_IN_TIMELINE_TEST_ID as INDICATOR_FLYOUT_TAKE_ACTION_INVESTIGATE_IN_TIMELINE_TEST_ID,
@@ -33,6 +34,7 @@ import {
   INDICATORS_FLYOUT_TITLE_TEST_ID,
 } from '../../public/modules/indicators/components/flyout/test_ids';
 import {
+  ADD_TO_BLOCK_LIST_TEST_ID as INDICATORS_TABLE_ADD_TO_BLOCK_LIST_TEST_ID,
   ADD_TO_EXISTING_TEST_ID as INDICATORS_TABLE_ADD_TO_EXISTING_TEST_ID,
   ADD_TO_NEW_CASE_TEST_ID as INDICATORS_TABLE_ADD_TO_NEW_CASE_TEST_ID,
   MORE_ACTIONS_TEST_ID as INDICATORS_TABLE_MORE_ACTIONS_TEST_ID,
@@ -101,6 +103,8 @@ export const INDICATORS_TABLE_ADD_TO_NEW_CASE_BUTTON_ICON = `[data-test-subj="${
 
 export const INDICATORS_TABLE_ADD_TO_EXISTING_CASE_BUTTON_ICON = `[data-test-subj="${INDICATORS_TABLE_ADD_TO_EXISTING_TEST_ID}"]`;
 
+export const INDICATORS_TABLE_ADD_TO_BLOCK_LIST_BUTTON_ICON = `[data-test-subj="${INDICATORS_TABLE_ADD_TO_BLOCK_LIST_TEST_ID}"]`;
+
 /* Flyout */
 
 export const TOGGLE_FLYOUT_BUTTON = `[data-test-subj="${BUTTON_TEST_ID}"]`;
@@ -147,6 +151,8 @@ export const FLYOUT_ADD_TO_NEW_CASE_ITEM = `[data-test-subj="${INDICATOR_FLYOUT_
 
 export const FLYOUT_INVESTIGATE_IN_TIMELINE_ITEM = `[data-test-subj="${INDICATOR_FLYOUT_TAKE_ACTION_INVESTIGATE_IN_TIMELINE_TEST_ID}"]`;
 
+export const FLYOUT_ADD_TO_BLOCK_LIST_ITEM = `[data-test-subj="${INDICATOR_FLYOUT_TAKE_ACTION_ADD_TO_BLOCK_LIST_TEST_ID}"]`;
+
 /* Field selector */
 
 export const FIELD_SELECTOR = `[data-test-subj="${DROPDOWN_TEST_ID}"]`;
@@ -197,6 +203,16 @@ export const NEW_CASE_DESCRIPTION_INPUT = `[data-test-subj="euiMarkdownEditorTex
 
 export const NEW_CASE_CREATE_BUTTON = `[data-test-subj="create-case-submit"]`;
 
+/* Block list */
+
+export const BLOCK_LIST_NAME = '[data-test-subj="blocklist-form-name-input"]';
+
+export const BLOCK_LIST_DESCRIPTION = '[data-test-subj="blocklist-form-description-input"]';
+
+export const BLOCK_LIST_ADD_BUTTON = '[class="eui-textTruncate"]';
+
+export const BLOCK_LIST_TOAST_LIST = '[data-test-subj="globalToastList"]';
+
 /* Miscellaneous */
 
 export const UNTITLED_TIMELINE_BUTTON = `[data-test-subj="flyoutOverlay"]`;

diff --git a/x-pack/plugins/threat_intelligence/public/common/mocks/mock_security_context.tsx b/x-pack/plugins/threat_intelligence/public/common/mocks/mock_security_context.tsx
@@ -5,7 +5,8 @@
  * 2.0.
  */
 
-import React from 'react';
+import React, { NamedExoticComponent } from 'react';
+import { BlockListFlyoutProps, BlockListFormProps } from '../../types';
 import { SecuritySolutionPluginContext } from '../..';
 
 export const getSecuritySolutionContextMock = (): SecuritySolutionPluginContext => ({
@@ -18,7 +19,10 @@ export const getSecuritySolutionContextMock = (): SecuritySolutionPluginContext
     ({ children }) =>
       <div>{children}</div>,
   licenseService: {
-    isEnterprise() {
+    isEnterprise(): boolean {
+      return true;
+    },
+    isPlatinumPlus(): boolean {
       return true;
     },
   },
@@ -48,4 +52,11 @@ export const getSecuritySolutionContextMock = (): SecuritySolutionPluginContext
   registerQuery: () => {},
 
   deregisterQuery: () => {},
+
+  blockList: {
+    exceptionListApiClient: {},
+    useSetUrlParams: () => (params, replace) => {},
+    getFlyoutComponent: () => (<div />) as unknown as NamedExoticComponent<BlockListFlyoutProps>,
+    getFormComponent: () => (<div />) as unknown as NamedExoticComponent<BlockListFormProps>,
+  },
 });
diff --git a/x-pack/plugins/threat_intelligence/public/common/mocks/story_providers.tsx b/x-pack/plugins/threat_intelligence/public/common/mocks/story_providers.tsx
@@ -23,6 +23,7 @@ import { mockUiSettingsService } from './mock_kibana_ui_settings_service';
 import { mockKibanaTimelinesService } from './mock_kibana_timelines_service';
 import { mockTriggersActionsUiService } from './mock_kibana_triggers_actions_ui_service';
 import { InspectorContext } from '../../containers/inspector';
+import { BlockListProvider } from '../../modules/indicators/containers/block_list_provider';
 
 export interface KibanaContextMock {
   /**
@@ -101,7 +102,9 @@ export const StoryProvidersComponent: VFC<StoryProvidersComponentProps> = ({
           <FieldTypesContext.Provider value={generateFieldTypeMap()}>
             <SecuritySolutionContext.Provider value={securitySolutionContextMock}>
               <IndicatorsFiltersContext.Provider value={mockIndicatorsFiltersContext}>
-                <KibanaReactContext.Provider>{children}</KibanaReactContext.Provider>
+                <KibanaReactContext.Provider>
+                  <BlockListProvider>{children}</BlockListProvider>
+                </KibanaReactContext.Provider>
               </IndicatorsFiltersContext.Provider>
             </SecuritySolutionContext.Provider>
           </FieldTypesContext.Provider>