[Security Solution] Add unit tests for histograms (#77081)

* init tests

* add unit tests for histograms

* fix types

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>

x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/index.test.tsx

@@ -0,0 +1,35 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import * as buildQuery from './query.host_details.dsl';
+import { hostDetails } from '.';
+import {
+  mockOptions,
+  mockSearchStrategyResponse,
+  formattedSearchStrategyResponse,
+} from './__mocks__';
+
+describe('hostDetails search strategy', () => {
+  const buildHostDetailsQuery = jest.spyOn(buildQuery, 'buildHostDetailsQuery');
+
+  afterEach(() => {
+    buildHostDetailsQuery.mockClear();
+  });
+
+  describe('buildDsl', () => {
+    test('should build dsl query', () => {
+      hostDetails.buildDsl(mockOptions);
+      expect(buildHostDetailsQuery).toHaveBeenCalledWith(mockOptions);
+    });
+  });
+
+  describe('parse', () => {
+    test('should parse data correctly', async () => {
+      const result = await hostDetails.parse(mockOptions, mockSearchStrategyResponse);
+      expect(result).toMatchObject(formattedSearchStrategyResponse);
+    });
+  });
+});

x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/query.host_details.dsl.test.ts

@@ -0,0 +1,13 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+import { buildHostDetailsQuery as buildQuery } from './query.host_details.dsl';
+import { mockOptions, expectedDsl } from './__mocks__/';
+
+describe('buildQuery', () => {
+  test('build query from options correctly', () => {
+    expect(buildQuery(mockOptions)).toEqual(expectedDsl);
+  });
+});

x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/alerts/__mocks__/index.ts

@@ -0,0 +1,87 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { MatrixHistogramType } from '../../../../../../../common/search_strategy';
+
+export const mockOptions = {
+  defaultIndex: [
+    'apm-*-transaction*',
+    'auditbeat-*',
+    'endgame-*',
+    'filebeat-*',
+    'logs-*',
+    'packetbeat-*',
+    'winlogbeat-*',
+  ],
+  filterQuery:
+    '{"bool":{"must":[],"filter":[{"match_all":{}},{"bool":{"filter":[{"bool":{"should":[{"exists":{"field":"host.name"}}],"minimum_should_match":1}}]}}],"should":[],"must_not":[]}}',
+  histogramType: MatrixHistogramType.alerts,
+  timerange: { interval: '12h', from: '2020-09-08T14:23:04.482Z', to: '2020-09-09T14:23:04.482Z' },
+  stackByField: 'event.module',
+};
+
+export const expectedDsl = {
+  index: [
+    'apm-*-transaction*',
+    'auditbeat-*',
+    'endgame-*',
+    'filebeat-*',
+    'logs-*',
+    'packetbeat-*',
+    'winlogbeat-*',
+  ],
+  allowNoIndices: true,
+  ignoreUnavailable: true,
+  body: {
+    aggregations: {
+      alertsGroup: {
+        terms: {
+          field: 'event.module',
+          missing: 'All others',
+          order: { _count: 'desc' },
+          size: 10,
+        },
+        aggs: {
+          alerts: {
+            date_histogram: {
+              field: '@timestamp',
+              fixed_interval: '2700000ms',
+              min_doc_count: 0,
+              extended_bounds: { min: 1599574984482, max: 1599661384482 },
+            },
+          },
+        },
+      },
+    },
+    query: {
+      bool: {
+        filter: [
+          '{"bool":{"must":[],"filter":[{"match_all":{}},{"bool":{"filter":[{"bool":{"should":[{"exists":{"field":"host.name"}}],"minimum_should_match":1}}]}}],"should":[],"must_not":[]}}',
+          {
+            bool: {
+              filter: [
+                {
+                  bool: { should: [{ match: { 'event.kind': 'alert' } }], minimum_should_match: 1 },
+                },
+              ],
+            },
+          },
+          {
+            range: {
+              '@timestamp': {
+                gte: '2020-09-08T14:23:04.482Z',
+                lte: '2020-09-09T14:23:04.482Z',
+                format: 'strict_date_optional_time',
+              },
+            },
+          },
+        ],
+      },
+    },
+    size: 0,
+    track_total_hits: true,
+  },
+};

x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/alerts/index.test.ts

@@ -0,0 +1,22 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { alertsMatrixHistogramConfig } from '.';
+import { buildAlertsHistogramQuery } from './query.alerts_histogram.dsl';
+
+jest.mock('./query.alerts_histogram.dsl', () => ({
+  buildAlertsHistogramQuery: jest.fn(),
+}));
+
+describe('alertsMatrixHistogramConfig', () => {
+  test('should export alertsMatrixHistogramConfig corrrectly', () => {
+    expect(alertsMatrixHistogramConfig).toEqual({
+      aggName: 'aggregations.alertsGroup.buckets',
+      parseKey: 'alerts.buckets',
+      buildDsl: buildAlertsHistogramQuery,
+    });
+  });
+});

x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/alerts/query.alerts_histogram.dsl.test.ts

@@ -0,0 +1,13 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+import { buildAlertsHistogramQuery } from './query.alerts_histogram.dsl';
+import { mockOptions, expectedDsl } from './__mocks__/';
+
+describe('buildAlertsHistogramQuery', () => {
+  test('build query from options correctly', () => {
+    expect(buildAlertsHistogramQuery(mockOptions)).toEqual(expectedDsl);
+  });
+});

x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/anomalies/__mocks__/index.ts

@@ -0,0 +1,73 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { MatrixHistogramType } from '../../../../../../../common/search_strategy';
+
+export const mockOptions = {
+  defaultIndex: [
+    'apm-*-transaction*',
+    'auditbeat-*',
+    'endgame-*',
+    'filebeat-*',
+    'logs-*',
+    'packetbeat-*',
+    'winlogbeat-*',
+  ],
+  filterQuery:
+    '{"bool":{"must":[],"filter":[{"match_all":{}},{"bool":{"should":[],"minimum_should_match":1}},{"match_phrase":{"result_type":"record"}},null,{"range":{"record_score":{"gte":50}}}],"should":[{"exists":{"field":"source.ip"}},{"exists":{"field":"destination.ip"}}],"must_not":[],"minimum_should_match":1}}',
+  histogramType: MatrixHistogramType.anomalies,
+  timerange: { interval: '12h', from: '2020-09-08T15:14:35.566Z', to: '2020-09-09T15:14:35.566Z' },
+  stackByField: 'job_id',
+};
+
+export const expectedDsl = {
+  index: [
+    'apm-*-transaction*',
+    'auditbeat-*',
+    'endgame-*',
+    'filebeat-*',
+    'logs-*',
+    'packetbeat-*',
+    'winlogbeat-*',
+  ],
+  allowNoIndices: true,
+  ignoreUnavailable: true,
+  body: {
+    aggs: {
+      anomalyActionGroup: {
+        terms: { field: 'job_id', order: { _count: 'desc' }, size: 10 },
+        aggs: {
+          anomalies: {
+            date_histogram: {
+              field: 'timestamp',
+              fixed_interval: '2700000ms',
+              min_doc_count: 0,
+              extended_bounds: { min: 1599578075566, max: 1599664475566 },
+            },
+          },
+        },
+      },
+    },
+    query: {
+      bool: {
+        filter: [
+          '{"bool":{"must":[],"filter":[{"match_all":{}},{"bool":{"should":[],"minimum_should_match":1}},{"match_phrase":{"result_type":"record"}},null,{"range":{"record_score":{"gte":50}}}],"should":[{"exists":{"field":"source.ip"}},{"exists":{"field":"destination.ip"}}],"must_not":[],"minimum_should_match":1}}',
+          {
+            range: {
+              timestamp: {
+                gte: '2020-09-08T15:14:35.566Z',
+                lte: '2020-09-09T15:14:35.566Z',
+                format: 'strict_date_optional_time',
+              },
+            },
+          },
+        ],
+      },
+    },
+    size: 0,
+    track_total_hits: true,
+  },
+};

x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/anomalies/index.test.ts

@@ -0,0 +1,22 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { anomaliesMatrixHistogramConfig } from '.';
+import { buildAnomaliesHistogramQuery } from './query.anomalies_histogram.dsl';
+
+jest.mock('./query.anomalies_histogram.dsl', () => ({
+  buildAnomaliesHistogramQuery: jest.fn(),
+}));
+
+describe('anomaliesMatrixHistogramConfig', () => {
+  test('should export anomaliesMatrixHistogramConfig corrrectly', () => {
+    expect(anomaliesMatrixHistogramConfig).toEqual({
+      aggName: 'aggregations.anomalyActionGroup.buckets',
+      parseKey: 'anomalies.buckets',
+      buildDsl: buildAnomaliesHistogramQuery,
+    });
+  });
+});

x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/anomalies/query.anomalies_histogram.dsl.test.ts

@@ -0,0 +1,13 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+import { buildAnomaliesHistogramQuery } from './query.anomalies_histogram.dsl';
+import { mockOptions, expectedDsl } from './__mocks__';
+
+describe('buildAnomaliesHistogramQuery', () => {
+  test('build query from options correctly', () => {
+    expect(buildAnomaliesHistogramQuery(mockOptions)).toEqual(expectedDsl);
+  });
+});

x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/authentications/__mocks__/index.ts

@@ -0,0 +1,78 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { MatrixHistogramType } from '../../../../../../../common/search_strategy';
+
+export const mockOptions = {
+  defaultIndex: [
+    'apm-*-transaction*',
+    'auditbeat-*',
+    'endgame-*',
+    'filebeat-*',
+    'logs-*',
+    'packetbeat-*',
+    'winlogbeat-*',
+  ],
+  filterQuery: '{"bool":{"must":[],"filter":[{"match_all":{}}],"should":[],"must_not":[]}}',
+  histogramType: MatrixHistogramType.authentications,
+  timerange: { interval: '12h', from: '2020-09-08T15:22:00.325Z', to: '2020-09-09T15:22:00.325Z' },
+  stackByField: 'event.outcome',
+};
+
+export const expectedDsl = {
+  index: [
+    'apm-*-transaction*',
+    'auditbeat-*',
+    'endgame-*',
+    'filebeat-*',
+    'logs-*',
+    'packetbeat-*',
+    'winlogbeat-*',
+  ],
+  allowNoIndices: true,
+  ignoreUnavailable: true,
+  body: {
+    aggregations: {
+      eventActionGroup: {
+        terms: {
+          field: 'event.outcome',
+          include: ['success', 'failure'],
+          order: { _count: 'desc' },
+          size: 2,
+        },
+        aggs: {
+          events: {
+            date_histogram: {
+              field: '@timestamp',
+              fixed_interval: '2700000ms',
+              min_doc_count: 0,
+              extended_bounds: { min: 1599578520325, max: 1599664920325 },
+            },
+          },
+        },
+      },
+    },
+    query: {
+      bool: {
+        filter: [
+          '{"bool":{"must":[],"filter":[{"match_all":{}}],"should":[],"must_not":[]}}',
+          { bool: { must: [{ term: { 'event.category': 'authentication' } }] } },
+          {
+            range: {
+              '@timestamp': {
+                gte: '2020-09-08T15:22:00.325Z',
+                lte: '2020-09-09T15:22:00.325Z',
+                format: 'strict_date_optional_time',
+              },
+            },
+          },
+        ],
+      },
+    },
+    size: 0,
+    track_total_hits: true,
+  },
+};

x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/authentications/index.test.ts

@@ -0,0 +1,22 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { authenticationsMatrixHistogramConfig } from '.';
+import { buildAuthenticationsHistogramQuery } from './query.authentications_histogram.dsl';
+
+jest.mock('./query.authentications_histogram.dsl', () => ({
+  buildAuthenticationsHistogramQuery: jest.fn(),
+}));
+
+describe('authenticationsMatrixHistogramConfig', () => {
+  test('should export authenticationsMatrixHistogramConfig corrrectly', () => {
+    expect(authenticationsMatrixHistogramConfig).toEqual({
+      aggName: 'aggregations.eventActionGroup.buckets',
+      parseKey: 'events.buckets',
+      buildDsl: buildAuthenticationsHistogramQuery,
+    });
+  });
+});