Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Security Solution] Exploratory testing of prebuilt rule customization workflows #180398

Open
Tracked by #174168
jpdjere opened this issue Apr 9, 2024 · 7 comments
Open
Tracked by #174168
Assignees
Labels
8.18 candidate Feature:Prebuilt Detection Rules Security Solution Prebuilt Detection Rules area Team:Detection Rule Management Security Detection Rule Management Team Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. v8.18.0

Comments

@jpdjere
Copy link
Contributor

jpdjere commented Apr 9, 2024

Epics: https://github.com/elastic/security-team/issues/1974 (internal), #174168

Summary

Do comprehensive exploratory testing of the app with the prebuiltRulesCustomizationEnabled feature flag turned on.

Workflows to test that were directly affected by the prebuilt rule customization functionality:

  • Prebuilt rule customization: installing, editing, bulk editing, duplicating prebuilt rules; using the Rule Management and Details pages with customized and non-customized prebuilt rules, as well as custom rules.
  • Prebuilt rule upgrade: upgrading customized and non-customized prebuilt rules.
  • Rule export and import: exporting and importing customized and non-customized prebuilt rules, as well as custom rules.

Workflows to test for regressions:

  • Rule management: creating, editing, bulk editing, duplicating custom rules; using the Rule Management and Details pages with custom rules.
  • Rule installation workflow: installing prebuilt rules; using the Rule Management and Details pages.

Advanced testing:

  • Disable the prebuiltRulesCustomizationEnabled feature flag after using the app with the flag enabled. Test that the app works without issues and errors, even there are some customized prebuilt rules that were created when the flag was turned on.
@jpdjere jpdjere added triage_needed Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Detection Rule Management Security Detection Rule Management Team Feature:Prebuilt Detection Rules Security Solution Prebuilt Detection Rules area labels Apr 9, 2024
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)

@elasticmachine
Copy link
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@elasticmachine
Copy link
Contributor

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@banderror banderror changed the title [Security Solution] Prebuilt Rules Customization: Do comprehensive exploratory testing of the app with the prebuiltRulesCustomizationEnabled feature flag turned on [Security Solution] Prebuilt Rules Customization: Do comprehensive exploratory testing of the app with the prebuiltRulesCustomizationEnabled feature flag turned on (DRAFT) Apr 17, 2024
@banderror banderror changed the title [Security Solution] Prebuilt Rules Customization: Do comprehensive exploratory testing of the app with the prebuiltRulesCustomizationEnabled feature flag turned on (DRAFT) [Security Solution] Exploratory testing of prebuilt rule customization workflows (DRAFT) Oct 9, 2024
@banderror banderror changed the title [Security Solution] Exploratory testing of prebuilt rule customization workflows (DRAFT) [Security Solution] Exploratory testing of prebuilt rule customization workflows Oct 9, 2024
@banderror banderror assigned pborgonovi and MadameSheema and unassigned vgomez-el Oct 9, 2024
@banderror
Copy link
Contributor

@MadameSheema please reassign to someone from QA Source when you know who could help us with this.

@pborgonovi
Copy link
Contributor

pborgonovi commented Oct 30, 2024

Prebuilt Rule Customization Test Plan

  1. Introduction
    This feature allows users to customize prebuilt rules, import/export them, and upgrade while preserving customizations. Testing will focus on rule customization, the Three-Way-Diff component, conflict resolution, bulk upgrades, and import/export functionality to ensure a reliable and seamless user experience.

  2. Scope of Testing
    2.1 In-Scope
    Full Integration System Testing.

Feature Priority Risk Level Testing Conditions Comments
Prebuilt Rules Customization High High Test that prebuilt rules can be customized and upgraded correctly while preserving user modifications. Validate that updates can be done in bulk and that rule integrity is maintained.
Rule Management Table Updates Moderate Moderate Test UI functionality for filtering, selecting, and sorting rules; verify distinction between Prebuilt, Customized, and Custom rules. Ensure the UI behaves correctly with bulk actions and different rule types.
Bulk Rule Upgrades High High Test that bulk upgrades process only conflict-free rules, while conflicts are managed and excluded with clear notifications. Validate this workflow thoroughly, as it’s highly impacted by the new changes.
Upgrade Flyout and Conflict Review High High Test the Three-Way-Diff component’s handling of conflicts during upgrades; verify user interactions like accepting, editing, and saving changes. Ensure accurate display of field-by-field differences and verify that conflicts are resolved properly for both solvable and non-solvable cases.
Auto-Merge of Customizations High High Test auto-merge functionality to ensure that changes from different versions are combined correctly during an upgrade. Focus on preserving customizations while applying new updates, ensuring merged results reflect user preferences without altering rule integrity.
Rule Type Changes High High Test rule type changes during upgrades, confirming user warnings and allowing users to clone or retain customizations. Ensure UI handles type changes clearly, warning users about potential data loss or incompatible changes.
Import/Export of Customized Rules Moderate Moderate Test import/export functionality to ensure that customizations are preserved when moving rules between instances. Test import/export functionality between ESS and Serverless instances. Validate behavior when handling multiple versions of the same rule, ensuring customizations are retained during re-import.
Rule Execution Moderate Moderate Ensure customized and upgraded rules execute correctly, triggering the intended detections and maintaining functionality. This can be tested as part of regression testing, as changes should minimally affect execution.
Regression Testing Moderate High Conduct exploratory regression testing to verify that new features do not disrupt existing functionalities. Test rule installation, duplication, editing of custom rules, and bulk actions; check that turning off the feature flag preserves current functionalities.

2.2 Out-of-Scope

  • API testing (since testing will be done exclusively through the UI).
  • Performance and load testing
  1. Objectives
    • Our main objective is to release this functionality free of significant issues.

  2. Test Strategy
    4.1 Testing Approach

    • Exploratory Testing (Risk-Based Priority):
      The primary focus will be on exploratory testing, with testing efforts prioritized according to the risk levels identified.
      High-Risk Areas will receive the most attention to ensure critical functionalities are working correctly.

    Prioritized Areas for Exploratory Testing:

    • High-Risk Areas (Focus First):
      • Prebuilt Rule Customization
      • Bulk Rule Upgrades
      • Rule Type Changes
      • Conflict Resolution Logic (Three-Way-Diff)
      • Auto-Merging of Customizations

    • Moderate-Risk Areas (Secondary Focus):
      • Rule Execution and Alerts
      • Import/Export of Customized Rules
      • Rule Management Table
      • Regression Testing

    • Regression Testing:

      • Conduct exploratory regression testing across key areas to ensure that new features do not break existing functionalities like rule installation, duplication, editing custom rules from both Rule Management and Rule Details page.
      • Turn flag OFF and validate existing functionalities continue to work as expected.

@banderror
Copy link
Contributor

@pborgonovi Great work, and thank you for this initiative. The plan for exploratory testing looks good so far 👍

A few suggestions:

  • I would suggest to try to improve the plan's readability. Currently, we repeat pretty much the same thoughts / focus areas multiple times in the "Testing includes", "Objectives", "Prioritized Areas for Exploratory Testing", and "Risk Matrix" sections. Let's try to consolidate this in a single section "Scope", where we'd have a "In-scope" section with a table listing all testing efforts to do, their priority, risk, comments, etc; and a "Out-of-scope" section that could contain a simple list.
  • Our objective is to release the feature in time without any significant issues ☝ 🙂
  • I would disagree on some of the priorities:
    • "Rule Execution" and "Alerts Based on Customized Rules", while being core features, is a lower risk because we know how it works under the hood, and the new changes shouldn't affect this. Still, worth testing, of course, but could be a part of regression testing with a bit lower priority.
    • "Bulk Rule Upgrades" should be a high risk and high priority. This workflow is highly affected by the new changes.

@pborgonovi
Copy link
Contributor

Thank you so much for the feedback @banderror I'll be working on it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
8.18 candidate Feature:Prebuilt Detection Rules Security Solution Prebuilt Detection Rules area Team:Detection Rule Management Security Detection Rule Management Team Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. v8.18.0
Projects
None yet
Development

No branches or pull requests

6 participants