-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Security Solution] Adds EQL sequence rule test #79287
Conversation
Pinging @elastic/siem (Team:SIEM) |
cy.get(ALERT_RULE_VERSION).first().should('have.text', '1'); | ||
cy.get(ALERT_RULE_METHOD).first().should('have.text', 'eql'); | ||
cy.get(ALERT_RULE_SEVERITY).first().should('have.text', eqlSequenceRule.severity.toLowerCase()); | ||
cy.get(ALERT_RULE_RISK_SCORE).first().should('have.text', eqlSequenceRule.riskScore); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we should also verify that the appropriate number of sequence "building block" alerts are generated. The number of sequence "building block" alerts created should be equal to the number of events in the sequence. For example, if your rule query matches one sequence of 3 events, there should be 4 alerts created: one main alert, and 3 "building block" alerts corresponding to the events in the sequence.
@elasticmachine merge upstream |
💚 Build SucceededMetrics [docs]
History
To update your PR or re-run it, just comment with: |
Co-authored-by: Kibana Machine <[email protected]>
…nes/fix-description-field * 'master' of github.com:elastic/kibana: A11y tests for user page (elastic#79199) [Ingest Pipelines] Processors editor a11y focus states (elastic#79122) [Ingest pipelines] Clean up component integration tests (elastic#78838) Drilldowns in examples (elastic#75640) Storybook and Jest cleanup (elastic#79305) adds EQL sequence rule test (elastic#79287) PR template a11y checklist item improvement (elastic#79243) [Security Solution] Adding tests for dns pipeline in the endpoint package (elastic#79177) [ML] Only adjust the bounds of SMV if annotations are visible (elastic#79210) global search to ts refs (elastic#79446) [Index management] Update TemplateDeserialized interface (elastic#78913) [Telemetry] server fetcher check all collectors ready before sending (elastic#79398) [Mappings editor] Fix app crash when selecting "other" field type (elastic#79434) [`/api/stats`] Add documentation + small improvement (elastic#79330) [Discover] "View surrounding documents" encodes spaces in filters (elastic#79283) [Lens] refactor DimensionContainer and fix flyout bug (elastic#79277) # Conflicts: # x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/pipeline_processors_editor_item/inline_text_input.tsx # x-pack/plugins/ingest_pipelines/public/application/components/pipeline_processors_editor/components/processors_tree/components/private_tree.tsx
Friendly reminder: Looks like this PR hasn’t been backported yet. |
Friendly reminder: Looks like this PR hasn’t been backported yet. |
1 similar comment
Friendly reminder: Looks like this PR hasn’t been backported yet. |
Friendly reminder: Looks like this PR hasn’t been backported yet. |
6 similar comments
Friendly reminder: Looks like this PR hasn’t been backported yet. |
Friendly reminder: Looks like this PR hasn’t been backported yet. |
Friendly reminder: Looks like this PR hasn’t been backported yet. |
Friendly reminder: Looks like this PR hasn’t been backported yet. |
Friendly reminder: Looks like this PR hasn’t been backported yet. |
Friendly reminder: Looks like this PR hasn’t been backported yet. |
I conflicted with this missing 7.10 backport when attempting to backport #80440 to 7.10. I have included the changes here in that backport. |
Pinging @elastic/security-solution (Team: SecuritySolution) |
Summary
Adds a Cypress test in order to test that an EQL rule with sequence query generates alerts.