[Security Solution] Narrow down indices to match case descriptions #89592

Merged
merged 28 commits into from
Feb 22, 2021
Changes from 19 commits
544e442
update default index to match with description
angorayc Jan 28, 2021
57a28fa
narrow down indices to match case description
angorayc Jan 28, 2021
4f9108d
Merge branch 'master' into integration-defaultindex
kibanamachine Jan 29, 2021
b21ee5b
run specific tests
angorayc Jan 29, 2021
fcfd7ee
Merge branch 'integration-defaultindex' of github.com:angorayc/kibana…
angorayc Jan 29, 2021
c856aaf
run only security solution's tests
angorayc Jan 31, 2021
78c2462
debug users integration test
angorayc Feb 8, 2021
68153b8
Merge branch 'master' of github.com:elastic/kibana into integration-d…
angorayc Feb 8, 2021
d2ee69f
wait_for_completion_timeout
angorayc Feb 8, 2021
cf92515
run only security_solution
angorayc Feb 8, 2021
a67ce8c
Merge branch 'master' into integration-defaultindex
kibanamachine Feb 8, 2021
cb5656e
Merge branch 'master' into integration-defaultindex
kibanamachine Feb 8, 2021
81163c7
add back integration tests
angorayc Feb 8, 2021
f86d66e
Merge branch 'integration-defaultindex' of github.com:angorayc/kibana…
angorayc Feb 8, 2021
afceaac
avoid multiple requests
angorayc Feb 9, 2021
db7e1ad
Merge branch 'master' into integration-defaultindex
kibanamachine Feb 9, 2021
6363a40
Merge branch 'master' into integration-defaultindex
kibanamachine Feb 9, 2021
8f70ea1
Merge branch 'master' of github.com:elastic/kibana into integration-d…
angorayc Feb 10, 2021
10200fc
Merge branch 'master' into integration-defaultindex
kibanamachine Feb 10, 2021
d7bcd55
Merge branch 'master' into integration-defaultindex
kibanamachine Feb 14, 2021
40940b2
Merge branch 'master' of github.com:elastic/kibana into integration-d…
angorayc Feb 18, 2021
fec1def
Merge branch 'integration-defaultindex' of github.com:angorayc/kibana…
angorayc Feb 18, 2021
740a6d6
uncomment tests
angorayc Feb 22, 2021
1dcb75a
unskip tests
angorayc Feb 22, 2021
f43c4f2
add smaller mock data for users and uncommon_processes
angorayc Feb 22, 2021
d729fc5
Merge branch 'master' into integration-defaultindex
kibanamachine Feb 22, 2021
e1ce1b1
put test back
angorayc Feb 22, 2021
7d5f22a
Merge branch 'integration-defaultindex' of github.com:angorayc/kibana…
angorayc Feb 22, 2021
Expand Up @@ -44,9 +44,10 @@ export default function ({ getService }: FtrProviderContext) {
fakePossibleCount: 3,
querySize: 1,
},
defaultIndex: ['auditbeat-*', 'filebeat-*', 'packetbeat-*', 'winlogbeat-*'],
defaultIndex: ['auditbeat-*'],
docValueFields: [],
inspect: false,
wait_for_completion_timeout: '10s',
Contributor

Just curious how we settled on the 10s timeout?

Contributor Author

Sometimes the request just takes longer than expected to return. I want to set the timeout long enough to wait until the result comes back, so that I am able to verify the result.

Contributor Author

I checked the test here: https://github.com/elastic/kibana/blob/master/x-pack/test/api_integration/apis/search/search.ts#L18

They use a very long timeout to avoid returning just partial data, so I do the same here.

})
.expect(200);

Expand All @@ -72,9 +73,10 @@ export default function ({ getService }: FtrProviderContext) {
fakePossibleCount: 5,
querySize: 2,
},
defaultIndex: ['auditbeat-*', 'filebeat-*', 'packetbeat-*', 'winlogbeat-*'],
defaultIndex: ['auditbeat-*'],
docValueFields: [],
inspect: false,
wait_for_completion_timeout: '10s',
})
.expect(200);

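Review bot: The literal `wait_for_completion_timeout: '10s'` is pasted into both request bodies in this section and into almost every other request body on this page (the hosts.ts, kpi_network.ts and network_dns.ts sections and the unnamed sections between them). Defining it once, for example `const WAIT_FOR_COMPLETION_TIMEOUT = '10s';` in a shared test helper, and referencing it as `wait_for_completion_timeout: WAIT_FOR_COMPLETION_TIMEOUT,` would keep the value in one place, so a later change cannot leave some suites on a different wait. Both hunks cut into `.send({ ... })` calls that begin outside the visible lines.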
Original file line number Diff line number Diff line change
Expand Up @@ -229,6 +229,7 @@ export default function ({ getService }: FtrProviderContext) {
docValueFields: [],
hostName: 'raspberrypi',
inspect: false,
wait_for_completion_timeout: '10s',
})
.expect(200);
expect(hostDetails).to.eql(expectedResult.hostDetails);
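Review bot: `expect(hostDetails).to.eql(expectedResult.hostDetails)` runs directly after `.expect(200)`, but a search that is still running when the wait elapses presumably also answers 200 with partial data, so a slow CI run would fail on a data mismatch rather than on the real cause. Asserting the completion flags before the comparison, e.g. `expect(body.isPartial).to.be(false);` and `expect(body.isRunning).to.be(false);`, would make that failure self-explanatory. The name `body` is assumed, because the statement that binds the response starts outside the hunk. The same check would fit the other requests on this page that gained the timeout.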
11 changes: 7 additions & 4 deletions x-pack/test/api_integration/apis/security_solution/hosts.ts
Expand Up @@ -42,7 +42,7 @@ export default function ({ getService }: FtrProviderContext) {
to: TO,
from: FROM,
},
defaultIndex: ['auditbeat-*', 'filebeat-*', 'packetbeat-*', 'winlogbeat-*'],
defaultIndex: ['auditbeat-*'],
docValueFields: [],
sort: {
field: HostsFields.lastSeen,
Expand All @@ -55,6 +55,7 @@ export default function ({ getService }: FtrProviderContext) {
querySize: 1,
},
inspect: false,
wait_for_completion_timeout: '10s',
})
.expect(200);
expect(hosts.edges.length).to.be(EDGE_LENGTH);
Expand All @@ -77,7 +78,7 @@ export default function ({ getService }: FtrProviderContext) {
field: HostsFields.lastSeen,
direction: Direction.asc,
},
defaultIndex: ['auditbeat-*', 'filebeat-*', 'packetbeat-*', 'winlogbeat-*'],
defaultIndex: ['auditbeat-*'],
docValueFields: [],
pagination: {
activePage: 2,
Expand All @@ -86,6 +87,7 @@ export default function ({ getService }: FtrProviderContext) {
querySize: 2,
},
inspect: false,
wait_for_completion_timeout: '10s',
})
.expect(200);
expect(hosts.edges.length).to.be(EDGE_LENGTH);
Expand Down Expand Up @@ -133,9 +135,10 @@ export default function ({ getService }: FtrProviderContext) {
to: TO,
from: FROM,
},
defaultIndex: ['auditbeat-*', 'filebeat-*', 'packetbeat-*', 'winlogbeat-*'],
defaultIndex: ['auditbeat-*'],
docValueFields: [],
inspect: false,
wait_for_completion_timeout: '10s',
})
.expect(200);

Expand All @@ -148,7 +151,7 @@ export default function ({ getService }: FtrProviderContext) {
.set('kbn-xsrf', 'true')
.send({
factoryQueryType: HostsQueries.firstLastSeen,
defaultIndex: ['auditbeat-*', 'filebeat-*', 'packetbeat-*', 'winlogbeat-*'],
defaultIndex: ['auditbeat-*'],
docValueFields: [],
hostName: 'zeek-sensor-san-francisco',
})
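Review bot: The `firstLastSeen` request in the last hunk (`hostName: 'zeek-sensor-san-francisco'`) gets the narrowed `defaultIndex` but, unlike the other three requests changed in this file, no `wait_for_completion_timeout`; its `.send({ ... })` closes right after the `hostName` line. If the assertions that follow it, which are outside the hunk, compare against complete results, this is the one request in hosts.ts that can still return early. Adding `wait_for_completion_timeout: '10s',` after the `hostName` line would make it consistent with the rest of the file.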
Original file line number Diff line number Diff line change
Expand Up @@ -98,6 +98,7 @@ export default function ({ getService }: FtrProviderContext) {
defaultIndex: ['filebeat-*'],
docValueFields: [],
inspect: false,
wait_for_completion_timeout: '10s',
})
.expect(200);

Expand All @@ -119,6 +120,7 @@ export default function ({ getService }: FtrProviderContext) {
defaultIndex: ['filebeat-*'],
docValueFields: [],
inspect: false,
wait_for_completion_timeout: '10s',
})
.expect(200);
expect(body.authenticationsSuccess!).to.eql(expectedResult.authSuccess);
Expand All @@ -141,6 +143,7 @@ export default function ({ getService }: FtrProviderContext) {
defaultIndex: ['filebeat-*'],
docValueFields: [],
inspect: false,
wait_for_completion_timeout: '10s',
})
.expect(200);
expect(body.uniqueDestinationIps!).to.eql(expectedResult.uniqueDestinationIps);
Expand Down Expand Up @@ -224,6 +227,7 @@ export default function ({ getService }: FtrProviderContext) {
defaultIndex: ['auditbeat-*'],
docValueFields: [],
inspect: false,
wait_for_completion_timeout: '10s',
})
.expect(200);

Expand All @@ -245,6 +249,7 @@ export default function ({ getService }: FtrProviderContext) {
defaultIndex: ['auditbeat-*'],
docValueFields: [],
inspect: false,
wait_for_completion_timeout: '10s',
})
.expect(200);
expect(body.authenticationsSuccess!).to.eql(expectedResult.authSuccess);
Expand All @@ -267,6 +272,7 @@ export default function ({ getService }: FtrProviderContext) {
defaultIndex: ['auditbeat-*'],
docValueFields: [],
inspect: false,
wait_for_completion_timeout: '10s',
})
.expect(200);
expect(body.uniqueDestinationIps!).to.eql(expectedResult.uniqueDestinationIps);
11 changes: 11 additions & 0 deletions x-pack/test/api_integration/apis/security_solution/kpi_network.ts
Expand Up @@ -79,6 +79,7 @@ export default function ({ getService }: FtrProviderContext) {
defaultIndex: ['filebeat-*'],
docValueFields: [],
inspect: false,
wait_for_completion_timeout: '10s',
})
.expect(200);

Expand All @@ -99,6 +100,7 @@ export default function ({ getService }: FtrProviderContext) {
defaultIndex: ['filebeat-*'],
docValueFields: [],
inspect: false,
wait_for_completion_timeout: '10s',
})
.expect(200);

Expand All @@ -119,6 +121,7 @@ export default function ({ getService }: FtrProviderContext) {
defaultIndex: ['filebeat-*'],
docValueFields: [],
inspect: false,
wait_for_completion_timeout: '10s',
})
.expect(200);

Expand All @@ -139,6 +142,7 @@ export default function ({ getService }: FtrProviderContext) {
defaultIndex: ['filebeat-*'],
docValueFields: [],
inspect: false,
wait_for_completion_timeout: '10s',
})
.expect(200);

Expand All @@ -159,6 +163,7 @@ export default function ({ getService }: FtrProviderContext) {
defaultIndex: ['filebeat-*'],
docValueFields: [],
inspect: false,
wait_for_completion_timeout: '10s',
})
.expect(200);

Expand All @@ -179,6 +184,7 @@ export default function ({ getService }: FtrProviderContext) {
defaultIndex: ['filebeat-*'],
docValueFields: [],
inspect: false,
wait_for_completion_timeout: '10s',
})
.expect(200);

Expand Down Expand Up @@ -226,6 +232,7 @@ export default function ({ getService }: FtrProviderContext) {
defaultIndex: ['packetbeat-*'],
docValueFields: [],
inspect: false,
wait_for_completion_timeout: '10s',
})
.expect(200);

Expand All @@ -246,6 +253,7 @@ export default function ({ getService }: FtrProviderContext) {
defaultIndex: ['packetbeat-*'],
docValueFields: [],
inspect: false,
wait_for_completion_timeout: '10s',
})
.expect(200);

Expand All @@ -266,6 +274,7 @@ export default function ({ getService }: FtrProviderContext) {
defaultIndex: ['packetbeat-*'],
docValueFields: [],
inspect: false,
wait_for_completion_timeout: '10s',
})
.expect(200);

Expand All @@ -286,6 +295,7 @@ export default function ({ getService }: FtrProviderContext) {
defaultIndex: ['packetbeat-*'],
docValueFields: [],
inspect: false,
wait_for_completion_timeout: '10s',
})
.expect(200);

Expand All @@ -306,6 +316,7 @@ export default function ({ getService }: FtrProviderContext) {
defaultIndex: ['packetbeat-*'],
docValueFields: [],
inspect: false,
wait_for_completion_timeout: '10s',
})
.expect(200);

Original file line number Diff line number Diff line change
Expand Up @@ -24,10 +24,11 @@ export default function ({ getService }: FtrProviderContext) {
.set('kbn-xsrf', 'true')
.send({
ip: '151.205.0.17',
defaultIndex: ['auditbeat-*', 'filebeat-*', 'packetbeat-*', 'winlogbeat-*'],
defaultIndex: ['filebeat-*'],
factoryQueryType: NetworkQueries.details,
docValueFields: [],
inspect: false,
wait_for_completion_timeout: '10s',
})
.expect(200);

Expand All @@ -51,6 +52,7 @@ export default function ({ getService }: FtrProviderContext) {
factoryQueryType: NetworkQueries.details,
docValueFields: [],
inspect: false,
wait_for_completion_timeout: '10s',
})
.expect(200);

14 changes: 4 additions & 10 deletions x-pack/test/api_integration/apis/security_solution/network_dns.ts
Expand Up @@ -32,15 +32,7 @@ export default function ({ getService }: FtrProviderContext) {
.post('/internal/search/securitySolutionSearchStrategy/')
.set('kbn-xsrf', 'true')
.send({
defaultIndex: [
'apm-*-transaction*',
'auditbeat-*',
'endgame-*',
'filebeat-*',
'logs-*',
'packetbeat-*',
'winlogbeat-*',
],
defaultIndex: ['packetbeat-*'],
docValueFields: [],
factoryQueryType: NetworkQueries.dns,
filterQuery:
Expand All @@ -53,6 +45,7 @@ export default function ({ getService }: FtrProviderContext) {
to: TO,
from: FROM,
},
wait_for_completion_timeout: '10s',
})
.expect(200);

Expand All @@ -70,7 +63,7 @@ export default function ({ getService }: FtrProviderContext) {
.set('kbn-xsrf', 'true')
.send({
ip: '151.205.0.17',
defaultIndex: ['auditbeat-*', 'filebeat-*', 'packetbeat-*', 'winlogbeat-*'],
defaultIndex: ['packetbeat-*'],
factoryQueryType: NetworkQueries.dns,
docValueFields: [],
inspect: false,
Expand All @@ -87,6 +80,7 @@ export default function ({ getService }: FtrProviderContext) {
to: TO,
from: FROM,
},
wait_for_completion_timeout: '10s',
})
.expect(200);

Original file line number Diff line number Diff line change
Expand Up @@ -35,15 +35,7 @@ export default function ({ getService }: FtrProviderContext) {
.post('/internal/search/securitySolutionSearchStrategy/')
.set('kbn-xsrf', 'true')
.send({
defaultIndex: [
'apm-*-transaction*',
'auditbeat-*',
'endgame-*',
'filebeat-*',
'logs-*',
'packetbeat-*',
'winlogbeat-*',
],
defaultIndex: ['filebeat-*'],
factoryQueryType: NetworkQueries.topNFlow,
flowTarget: FlowTargetSourceDest.source,
sort: { field: NetworkTopTablesFields.bytes_in, direction: Direction.desc },
Expand All @@ -60,6 +52,7 @@ export default function ({ getService }: FtrProviderContext) {
},
docValueFields: [],
inspect: false,
wait_for_completion_timeout: '10s',
})
.expect(200);

Expand All @@ -81,15 +74,7 @@ export default function ({ getService }: FtrProviderContext) {
.post('/internal/search/securitySolutionSearchStrategy/')
.set('kbn-xsrf', 'true')
.send({
defaultIndex: [
'apm-*-transaction*',
'auditbeat-*',
'endgame-*',
'filebeat-*',
'logs-*',
'packetbeat-*',
'winlogbeat-*',
],
defaultIndex: ['filebeat-*'],
factoryQueryType: 'topNFlow',
filterQuery:
'{"bool":{"must":[],"filter":[{"match_all":{}}],"should":[],"must_not":[]}}',
Expand All @@ -108,6 +93,7 @@ export default function ({ getService }: FtrProviderContext) {
},
docValueFields: [],
inspect: false,
wait_for_completion_timeout: '10s',
})
.expect(200);

Expand All @@ -129,15 +115,7 @@ export default function ({ getService }: FtrProviderContext) {
.post('/internal/search/securitySolutionSearchStrategy/')
.set('kbn-xsrf', 'true')
.send({
defaultIndex: [
'apm-*-transaction*',
'auditbeat-*',
'endgame-*',
'filebeat-*',
'logs-*',
'packetbeat-*',
'winlogbeat-*',
],
defaultIndex: ['filebeat-*'],
factoryQueryType: 'topNFlow',
filterQuery:
'{"bool":{"must":[],"filter":[{"match_all":{}}],"should":[],"must_not":[]}}',
Expand All @@ -156,6 +134,7 @@ export default function ({ getService }: FtrProviderContext) {
},
docValueFields: [],
inspect: false,
wait_for_completion_timeout: '10s',
})
.expect(200);
expect(networkTopNFlow.edges.length).to.be(EDGE_LENGTH);
Expand All @@ -171,15 +150,7 @@ export default function ({ getService }: FtrProviderContext) {
.post('/internal/search/securitySolutionSearchStrategy/')
.set('kbn-xsrf', 'true')
.send({
defaultIndex: [
'apm-*-transaction*',
'auditbeat-*',
'endgame-*',
'filebeat-*',
'logs-*',
'packetbeat-*',
'winlogbeat-*',
],
defaultIndex: ['filebeat-*'],
factoryQueryType: 'topNFlow',
filterQuery:
'{"bool":{"must":[],"filter":[{"match_all":{}}],"should":[],"must_not":[]}}',
Expand All @@ -198,6 +169,7 @@ export default function ({ getService }: FtrProviderContext) {
},
docValueFields: [],
inspect: false,
wait_for_completion_timeout: '10s',
})
.expect(200);

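Review bot: No request visible on this page still searches across several index patterns once all four `topNFlow` requests here swap the seven-pattern list (`'apm-*-transaction*'` through `'winlogbeat-*'`) for `['filebeat-*']`; network_dns.ts and hosts.ts make the same move. That list appears to mirror the default index setting that deployments actually query, so a regression in cross-pattern searches (a pattern that matches no index, or a field mapped differently per source) would no longer be caught by these suites. If no other suite covers that path, keep one request on the full list with a comment such as `// multi-pattern search: mirrors the default index setting`. The `.send({ ... })` bodies continue outside each hunk, so the remaining request fields are not visible here.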