MadameSheema authored Jan 28, 2020
1 parent dc0b5f0 commit 41ec421
Showing 3 changed files with 94 additions and 11 deletions.
Expand Up @@ -18,14 +18,14 @@ import {
mlHostMultiHostKqlQuery,
mlHostVariableHostNullKqlQuery,
mlHostVariableHostKqlQuery,
} from '../../lib/ml_conditional_links';
import { loginAndWaitForPage } from '../../lib/util/helpers';
import { KQL_INPUT } from '../../lib/url_state';
} from '../../../urls/ml_conditional_links';
import { loginAndWaitForPage, DEFAULT_TIMEOUT } from '../../../tasks/login';
import { KQL_INPUT } from '../../../screens/header';

describe('ml conditional links', () => {
it('sets the KQL from a single IP with a value for the query', () => {
loginAndWaitForPage(mlNetworkSingleIpKqlQuery);
cy.get(KQL_INPUT, { timeout: 5000 }).should(
cy.get(KQL_INPUT, { timeout: DEFAULT_TIMEOUT }).should(
'have.attr',
'value',
'(process.name: "conhost.exe" or process.name: "sc.exe")'
Expand All @@ -34,7 +34,7 @@ describe('ml conditional links', () => {

it('sets the KQL from a multiple IPs with a null for the query', () => {
loginAndWaitForPage(mlNetworkMultipleIpNullKqlQuery);
cy.get(KQL_INPUT, { timeout: 5000 }).should(
cy.get(KQL_INPUT, { timeout: DEFAULT_TIMEOUT }).should(
'have.attr',
'value',
'((source.ip: "127.0.0.1" or destination.ip: "127.0.0.1") or (source.ip: "127.0.0.2" or destination.ip: "127.0.0.2"))'
Expand All @@ -43,7 +43,7 @@ describe('ml conditional links', () => {

it('sets the KQL from a multiple IPs with a value for the query', () => {
loginAndWaitForPage(mlNetworkMultipleIpKqlQuery);
cy.get(KQL_INPUT, { timeout: 5000 }).should(
cy.get(KQL_INPUT, { timeout: DEFAULT_TIMEOUT }).should(
'have.attr',
'value',
'((source.ip: "127.0.0.1" or destination.ip: "127.0.0.1") or (source.ip: "127.0.0.2" or destination.ip: "127.0.0.2")) and ((process.name: "conhost.exe" or process.name: "sc.exe"))'
Expand All @@ -52,7 +52,7 @@ describe('ml conditional links', () => {

it('sets the KQL from a $ip$ with a value for the query', () => {
loginAndWaitForPage(mlNetworkKqlQuery);
cy.get(KQL_INPUT, { timeout: 5000 }).should(
cy.get(KQL_INPUT, { timeout: DEFAULT_TIMEOUT }).should(
'have.attr',
'value',
'(process.name: "conhost.exe" or process.name: "sc.exe")'
Expand All @@ -61,7 +61,7 @@ describe('ml conditional links', () => {

it('sets the KQL from a single host name with a value for query', () => {
loginAndWaitForPage(mlHostSingleHostKqlQuery);
cy.get(KQL_INPUT, { timeout: 5000 }).should(
cy.get(KQL_INPUT, { timeout: DEFAULT_TIMEOUT }).should(
'have.attr',
'value',
'(process.name: "conhost.exe" or process.name: "sc.exe")'
Expand All @@ -70,7 +70,7 @@ describe('ml conditional links', () => {

it('sets the KQL from a multiple host names with null for query', () => {
loginAndWaitForPage(mlHostMultiHostNullKqlQuery);
cy.get(KQL_INPUT, { timeout: 5000 }).should(
cy.get(KQL_INPUT, { timeout: DEFAULT_TIMEOUT }).should(
'have.attr',
'value',
'(host.name: "siem-windows" or host.name: "siem-suricata")'
Expand All @@ -79,7 +79,7 @@ describe('ml conditional links', () => {

it('sets the KQL from a multiple host names with a value for query', () => {
loginAndWaitForPage(mlHostMultiHostKqlQuery);
cy.get(KQL_INPUT, { timeout: 5000 }).should(
cy.get(KQL_INPUT, { timeout: DEFAULT_TIMEOUT }).should(
'have.attr',
'value',
'(host.name: "siem-windows" or host.name: "siem-suricata") and ((process.name: "conhost.exe" or process.name: "sc.exe"))'
Expand All @@ -88,7 +88,7 @@ describe('ml conditional links', () => {

it('sets the KQL from a undefined/null host name but with a value for query', () => {
loginAndWaitForPage(mlHostVariableHostKqlQuery);
cy.get(KQL_INPUT, { timeout: 5000 }).should(
cy.get(KQL_INPUT, { timeout: DEFAULT_TIMEOUT }).should(
'have.attr',
'value',
'(process.name: "conhost.exe" or process.name: "sc.exe")'
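--- a/x-pack/legacy/plugins/siem/cypress/screens/header.ts
+++ b/x-pack/legacy/plugins/siem/cypress/screens/header.ts
@@ -0,0 +1,7 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+export const KQL_INPUT = '[data-test-subj="queryInput"]';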
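--- a/x-pack/legacy/plugins/siem/cypress/urls/ml_conditional_links.ts
+++ b/x-pack/legacy/plugins/siem/cypress/urls/ml_conditional_links.ts
@@ -0,0 +1,76 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+/*
+ * These links are for different test scenarios that try and capture different drill downs into
+ * ml-network and ml-hosts and are of the flavor of testing:
+ * A filter being null: (query:!n)
+ * A filter being set with single values: query=(query:%27process.name%20:%20%22conhost.exe%22%27,language:kuery)
+ * A filter being set with multiple values: query=(query:%27process.name%20:%20%22conhost.exe,sc.exe%22%27,language:kuery)
+ * A filter containing variables not replaced: query=(query:%27process.name%20:%20%$process.name$%22%27,language:kuery)
+ *
+ * In different combination with:
+ * network not being set: $ip$
+ * host not being set: $host.name$
+ * ...or...
+ * network being set normally: 127.0.0.1
+ * host being set normally: suricata-iowa
+ * ...or...
+ * network having multiple values: 127.0.0.1,127.0.0.2
+ * host having multiple values: suricata-iowa,siem-windows
+ */
+
+// Single IP with a null for the Query:
+export const mlNetworkSingleIpNullKqlQuery =
+"/app/siem#/ml-network/ip/127.0.0.1?query=!n&timerange=(global:(linkTo:!(timeline),timerange:(from:'2019-08-28T11:00:00.000Z',kind:absolute,to:'2019-08-28T13:59:59.999Z')),timeline:(linkTo:!(global),timerange:(from:'2019-08-28T11:00:00.000Z',kind:absolute,to:'2019-08-28T13:59:59.999Z')))";
+
+// Single IP with a value for the Query:
+export const mlNetworkSingleIpKqlQuery =
+"/app/siem#/ml-network/ip/127.0.0.1?query=(language:kuery,query:'process.name%20:%20%22conhost.exe,sc.exe%22')&timerange=(global:(linkTo:!(timeline),timerange:(from:'2019-08-28T11:00:00.000Z',kind:absolute,to:'2019-08-28T13:59:59.999Z')),timeline:(linkTo:!(global),timerange:(from:'2019-08-28T11:00:00.000Z',kind:absolute,to:'2019-08-28T13:59:59.999Z')))";
+
+// Multiple IPs with a null for the Query:
+export const mlNetworkMultipleIpNullKqlQuery =
+"/app/siem#/ml-network/ip/127.0.0.1,127.0.0.2?query=!n&timerange=(global:(linkTo:!(timeline),timerange:(from:'2019-08-28T11:00:00.000Z',kind:absolute,to:'2019-08-28T13:59:59.999Z')),timeline:(linkTo:!(global),timerange:(from:'2019-08-28T11:00:00.000Z',kind:absolute,to:'2019-08-28T13:59:59.999Z')))";
+
+// Multiple IPs with a value for the Query:
+export const mlNetworkMultipleIpKqlQuery =
+"/app/siem#/ml-network/ip/127.0.0.1,127.0.0.2?query=(language:kuery,query:'process.name%20:%20%22conhost.exe,sc.exe%22')&timerange=(global:(linkTo:!(timeline),timerange:(from:'2019-08-28T11:00:00.000Z',kind:absolute,to:'2019-08-28T13:59:59.999Z')),timeline:(linkTo:!(global),timerange:(from:'2019-08-28T11:00:00.000Z',kind:absolute,to:'2019-08-28T13:59:59.999Z')))";
+
+// $ip$ with a null Query:
+export const mlNetworkNullKqlQuery =
+"/app/siem#/ml-network/ip/$ip$?query=!n&timerange=(global:(linkTo:!(timeline),timerange:(from:'2019-08-28T11:00:00.000Z',kind:absolute,to:'2019-08-28T13:59:59.999Z')),timeline:(linkTo:!(global),timerange:(from:'2019-08-28T11:00:00.000Z',kind:absolute,to:'2019-08-28T13:59:59.999Z')))";
+
+// $ip$ with a value for the Query:
+export const mlNetworkKqlQuery =
+"/app/siem#/ml-network/ip/$ip$?query=(language:kuery,query:'process.name%20:%20%22conhost.exe,sc.exe%22')&timerange=(global:(linkTo:!(timeline),timerange:(from:'2019-08-28T11:00:00.000Z',kind:absolute,to:'2019-08-28T13:59:59.999Z')),timeline:(linkTo:!(global),timerange:(from:'2019-08-28T11:00:00.000Z',kind:absolute,to:'2019-08-28T13:59:59.999Z')))";
+
+// Single host name with a null for the Query:
+export const mlHostSingleHostNullKqlQuery =
+"/app/siem#/ml-hosts/siem-windows?query=!n&timerange=(global:(linkTo:!(timeline),timerange:(from:'2019-06-06T06:00:00.000Z',kind:absolute,to:'2019-06-07T05:59:59.999Z')),timeline:(linkTo:!(global),timerange:(from:'2019-06-06T06:00:00.000Z',kind:absolute,to:'2019-06-07T05:59:59.999Z')))";
+
+// Single host name with a variable in the Query:
+export const mlHostSingleHostKqlQueryVariable =
+"/app/siem#/ml-hosts/siem-windows?query=(language:kuery,query:'process.name%20:%20%22$process.name$%22')&timerange=(global:(linkTo:!(timeline),timerange:(from:'2019-06-06T06:00:00.000Z',kind:absolute,to:'2019-06-07T05:59:59.999Z')),timeline:(linkTo:!(global),timerange:(from:'2019-06-06T06:00:00.000Z',kind:absolute,to:'2019-06-07T05:59:59.999Z')))";
+
+// Single host name with a value for Query:
+export const mlHostSingleHostKqlQuery =
+"/app/siem#/ml-hosts/siem-windows?query=(language:kuery,query:'process.name%20:%20%22conhost.exe,sc.exe%22')&timerange=(global:(linkTo:!(timeline),timerange:(from:'2019-06-06T06:00:00.000Z',kind:absolute,to:'2019-06-07T05:59:59.999Z')),timeline:(linkTo:!(global),timerange:(from:'2019-06-06T06:00:00.000Z',kind:absolute,to:'2019-06-07T05:59:59.999Z')))";
+
+// Multiple host names with null for Query:
+export const mlHostMultiHostNullKqlQuery =
+"/app/siem#/ml-hosts/siem-windows,siem-suricata?query=!n&&timerange=(global:(linkTo:!(timeline),timerange:(from:'2019-06-06T06:00:00.000Z',kind:absolute,to:'2019-06-07T05:59:59.999Z')),timeline:(linkTo:!(global),timerange:(from:'2019-06-06T06:00:00.000Z',kind:absolute,to:'2019-06-07T05:59:59.999Z')))";
+
+// Multiple host names with a value for Query:
+export const mlHostMultiHostKqlQuery =
+"/app/siem#/ml-hosts/siem-windows,siem-suricata?query=(language:kuery,query:'process.name%20:%20%22conhost.exe,sc.exe%22')&timerange=(global:(linkTo:!(timeline),timerange:(from:'2019-06-06T06:00:00.000Z',kind:absolute,to:'2019-06-07T05:59:59.999Z')),timeline:(linkTo:!(global),timerange:(from:'2019-06-06T06:00:00.000Z',kind:absolute,to:'2019-06-07T05:59:59.999Z')))";
+
+// Undefined/null host name with a null for the KQL:
+export const mlHostVariableHostNullKqlQuery =
+"/app/siem#/ml-hosts/$host.name$?query=!n&timerange=(global:(linkTo:!(timeline),timerange:(from:'2019-06-06T06:00:00.000Z',kind:absolute,to:'2019-06-07T05:59:59.999Z')),timeline:(linkTo:!(global),timerange:(from:'2019-06-06T06:00:00.000Z',kind:absolute,to:'2019-06-07T05:59:59.999Z')))";
+
+// Undefined/null host name but with a value for Query:
+export const mlHostVariableHostKqlQuery =
+"/app/siem#/ml-hosts/$host.name$?query=(language:kuery,query:'process.name%20:%20%22conhost.exe,sc.exe%22')&timerange=(global:(linkTo:!(timeline),timerange:(from:'2019-06-06T06:00:00.000Z',kind:absolute,to:'2019-06-07T05:59:59.999Z')),timeline:(linkTo:!(global),timerange:(from:'2019-06-06T06:00:00.000Z',kind:absolute,to:'2019-06-07T05:59:59.999Z')))";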
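Review bot: `mlHostMultiHostNullKqlQuery` carries a doubled `&&` between `query=!n` and `timerange=`, unlike every other URL constant in this file; the empty key between the two ampersands is probably tolerated by the router, but it is almost certainly a typo and means this one fixture does not exercise the same URL shape as its siblings, so change `?query=!n&&timerange=` to `?query=!n&timerange=`. The header comment's example host values (`suricata-iowa`, `suricata-iowa,siem-windows`) also do not match the `siem-windows` / `siem-windows,siem-suricata` values the constants actually use, which misleads anyone reading the comment to reason about what the spec covers; update the comment to the values below. Every URL repeats the same `timerange=(...)` tail verbatim, so a later timerange edit has to be made in twelve places; a comment such as `// All ml-network links share one absolute timerange and all ml-hosts links another; edit them together` would at least flag the coupling until the tail is factored into a shared constant.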
