
[Security Solution] Exceptions Cypress tests #81759

Merged
merged 68 commits into from
Nov 30, 2020

Conversation

@MadameSheema MadameSheema commented Oct 27, 2020

Summary

In this PR we are adding some tests in order to check that the exceptions feature is working fine.

These tests were complex to develop, so I would appreciate a deep look at them, because I'm afraid I may be messing up or not properly checking things.

For these tests we have created different archives:

  • rule_for_exceptions
  • rule_for_exceptions_from_alert
  • auditbeat_for_exceptions
  • auditbeat_for_exceptions2
  • auditbeat_for_exceptions3
  • auditbeat_for_exceptions_from_alert
  • auditbeat_for_exceptions_from_alert2
  • auditbeat_for_exceptions_from_alert3

The rule_for_exceptions archive contains a custom rule with query host.name:* and index pattern exceptions-*. As on CI all the Kibana tests are executed in parallel, this was the selected index pattern in order to avoid collisions with different tests from different teams using a common index pattern (i.e. auditbeat).

The rule_for_exceptions_from_alert archive contains a custom rule with query host.name:* and index pattern exceptionsalert-*. This index pattern was selected for the same reason as the previous one and also to prevent collisions with the previous test.

auditbeat_for_exceptions, auditbeat_for_exceptions2 and auditbeat_for_exceptions3: each archive contains 2 different alerts that match the exceptions-* pattern.

auditbeat_for_exceptions_from_alert, auditbeat_for_exceptions_from_alert2 and auditbeat_for_exceptions_from_alert3: each archive contains 2 different alerts that match the exceptionsalert-* pattern.

'Creates an exception from rule details and deletes the exception' implementation:

  • We load the rule
  • We activate it
  • We load the first set of data
  • We wait for the rule to be executed
  • We deactivate the rule
  • We check that the rule has populated the expected alerts
  • We add an exception from the rule details for all the host.names that match the alerts on the archive, checking the closing alerts option
  • We activate the rule again
  • We load a new set of data
  • We wait for the rule to be executed again
  • We navigate to closed alerts in order to check that the alerts have been closed
  • We navigate to opened alerts and we check that no new rules have been populated
  • We delete the exception
  • We load a new set of data
  • We wait for the rule to be executed
  • We check that the rule has populated the expected alerts

'Creates an exception from an existing alert and deletes the exception' implementation:

  • We load the rule
  • We activate it
  • We load the first set of data
  • We wait for the rule to be executed
  • We deactivate the rule
  • We check that the rule has populated the expected alerts
  • We add an exception from the first existing alert for all the host.names that match the alerts on the archive, checking the closing alerts option
  • We activate the rule again
  • We load a new set of data
  • We wait for the rule to be executed again
  • We navigate to closed alerts in order to check that the alerts have been closed
  • We navigate to opened alerts and we check that no new rules have been populated
  • We delete the exception
  • We load a new set of data
  • We wait for the rule to be executed
  • We check that the rule has populated the expected alerts
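As an added illustration (not code from this PR or from Kibana), the following TypeScript models the behaviour both test flows above assert: a rule querying host.name:* over an index pattern, an exception list of host.name values added with the "close alerts" option, and the alerts that reappear once the exception is deleted. The class, the archive() helper and the host names are constructed for this example; only the "prefix-*" form of index pattern is modelled.

```typescript
type Doc = { index: string; host: string };
type Alert = { host: string; status: 'open' | 'closed' };
// Model of the rule under test: query host.name:* over an index pattern, plus an
// exception list of host.name values (added illustration, not Kibana's code).
class RuleModel {
  readonly alerts: Alert[] = [];
  private readonly exceptions = new Set<string>();
  private readonly prefix: string;
  constructor(indexPattern: string) { this.prefix = indexPattern.replace(/\*$/, ''); } // "prefix-*" only
  // One rule execution over a freshly loaded archive; returns the number of alerts created.
  run(docs: Doc[]): number {
    let created = 0;
    for (const d of docs) {
      // Documents outside the index pattern or whose host.name is excepted never alert.
      if (!d.index.startsWith(this.prefix) || this.exceptions.has(d.host)) continue;
      this.alerts.push({ host: d.host, status: 'open' });
      created++;
    }
    return created;
  }
  // "Add an exception ... checking the closing alerts option".
  addException(hosts: string[], closeAlerts: boolean): void {
    hosts.forEach((h) => this.exceptions.add(h));
    if (!closeAlerts) return;
    for (const a of this.alerts) if (this.exceptions.has(a.host)) a.status = 'closed';
  }
  deleteException(hosts: string[]): void { hosts.forEach((h) => this.exceptions.delete(h)); }
  count(status: Alert['status']): number { return this.alerts.filter((a) => a.status === status).length; }
}

// Constructed data: each "archive" yields two alerts on exceptions-*; the
// auditbeat-* document shows the index pattern isolating this rule from other tests.
const archive = (n: number): Doc[] => [
  { index: `exceptions-${n}`, host: 'host-a' },
  { index: `exceptions-${n}`, host: 'host-b' },
  { index: 'auditbeat-7', host: 'host-c' },
];

// Flow of "Creates an exception from rule details and deletes the exception".
function runScenario() {
  const rule = new RuleModel('exceptions-*');
  const first = rule.run(archive(1));             // 2 open alerts
  rule.addException(['host-a', 'host-b'], true);  // closes the existing ones
  const closed = rule.count('closed');            // 2
  const second = rule.run(archive(2));            // 0 new alerts
  rule.deleteException(['host-a', 'host-b']);
  const third = rule.run(archive(3));             // 2 new alerts
  return { first, closed, second, third, open: rule.count('open') };
}
```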

MadameSheema and others added 30 commits September 15, 2020 21:46
# Conflicts:
#	x-pack/plugins/security_solution/cypress/integration/alerts_detection_rules_custom.spec.ts
#	x-pack/plugins/security_solution/cypress/integration/alerts_detection_rules_ml.spec.ts
#	x-pack/plugins/security_solution/cypress/integration/alerts_detection_rules_override.spec.ts
#	x-pack/plugins/security_solution/cypress/integration/alerts_detection_rules_threshold.spec.ts
#	x-pack/plugins/security_solution/cypress/screens/rule_details.ts
#	x-pack/plugins/security_solution/cypress/tasks/create_new_rule.ts
# Conflicts:
#	x-pack/plugins/security_solution/cypress/integration/alerts_detection_rules_custom.spec.ts
#	x-pack/plugins/security_solution/cypress/integration/alerts_detection_rules_ml.spec.ts
#	x-pack/plugins/security_solution/cypress/integration/alerts_detection_rules_override.spec.ts
#	x-pack/plugins/security_solution/cypress/integration/alerts_detection_rules_threshold.spec.ts
#	x-pack/plugins/security_solution/cypress/screens/rule_details.ts
#	x-pack/plugins/security_solution/cypress/tasks/create_new_rule.ts
@MadameSheema
Member Author

@elasticmachine merge upstream

@peluja1012 peluja1012 (Contributor) left a comment

LGTM. Thanks for added coverage and for helping debug the "conflict" issue!

@MadameSheema MadameSheema requested a review from a team as a code owner November 26, 2020 16:53
@MadameSheema MadameSheema force-pushed the exceptions branch 9 times, most recently from df1b01e to 537aad6 Compare November 27, 2020 15:05
@patrykkopycinski
Contributor

@elasticmachine merge upstream

@MadameSheema
Member Author

@elasticmachine merge upstream

@kibanamachine
Contributor

💚 Build Succeeded

Metrics

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
securitySolution 8.0MB 8.0MB +159.0B

Distributable file count

id before after diff
default 43134 43139 +5

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@MadameSheema MadameSheema merged commit 4546352 into elastic:master Nov 30, 2020
@MadameSheema MadameSheema deleted the exceptions branch November 30, 2020 09:37
MadameSheema added a commit to MadameSheema/kibana that referenced this pull request Nov 30, 2020
* improves 'Creates and activates a new custom rule' test

* fixes constant problem

* improves 'Creates and activates a new custom rule with override option' test

* improves 'Creates and activates a new threshold rule' test

* refactor

* fixes type check issue

* improves assertions

* removes unused code

* changes variables for constants

* improves 'waitForTheRuleToBeExecuted' test

* improves readability

* fixes jenkins error

* refactor

* blah

* more things

* finishes 'Creates an exception from rule details and deletes the exception' implementation

* implements 'Creates an exception from an alert and deletes the exception'

* updates VALUES_INPUT locator

* updates archiver

* refactor

* improves the code

* fixes CI error

* renames exceptions archive

* refactor

* fixes merge issue

* fixes CI issue

* debug

* refactor

* improves test data

* removes signals index after the execution

* removes unused line

* removes unused variable

* refactors 'numberOfauditbeatExceptionsAlerts' constant to camel case

* simplifies the archive

* waits for the rule to be executed after navigating to opened alerts tab

* cleaning data

* fixes tests flakiness

* cleans test data

* refactors code

* removes unused archives

* cleans data

* simplifies data

* fixes CI issue

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
gmmorris added a commit to gmmorris/kibana that referenced this pull request Nov 30, 2020
* master:
  [Security Solution] Exceptions Cypress tests (elastic#81759)
  [ML] Fix spaces job ID check (elastic#84404)
  [Security Solution][Detections] Handle dupes when processing threshold rules (elastic#83062)
  skip flaky suite (elastic#84440)
  skip flaky suite (elastic#84445)
  [APM] Fix missing `service.node.name` (elastic#84269)
  Upgrade fp-ts to 2.8.6 (elastic#83866)
  Added data streams privileges to better control delete actions in UI (elastic#83573)
  Improve short-url redirect validation (elastic#84366)
  TSVB offsets (elastic#83051)
  [Discover] Fix navigating back when changing index pattern (elastic#84061)
  [Logs UI] Polish the UI for the log entry examples in the anomaly table (elastic#82139)
  [Logs UI] Limit the height of the "view in context" container (elastic#83178)
  [Application Usage] Update `schema` with new `fleet` rename (elastic#84327)
  fix identation in list (elastic#84301)
MadameSheema added a commit that referenced this pull request Nov 30, 2020
phillipb added a commit to phillipb/kibana that referenced this pull request Nov 30, 2020
…bana into add-metadata-to-node-details

* 'add-metadata-to-node-details' of github.com:phillipb/kibana:
  [APM] ML anomaly detection integration: Displaying anomaly job results in the Transaction duration chart is not as intended  (elastic#84415)
  Support for painless language autocomplete within monaco (elastic#80577)
  [Lens] Time scale ui (elastic#83904)
  removing beta callouts (elastic#84510)
  [Lens] (Accessibility) add aria-label to chart type icon (elastic#84493)
  Trusted Apps signer API. (elastic#83661)
  increase stdout max listeners for legacy logging (elastic#84497)
  [APM] Service overview: Add throughput chart (elastic#84439)
  [Discover] Unskip main functional tests (elastic#84300)
  Uptime overview overhaul (elastic#83406)
  [APM] Adjust time formats based on the difference between start and end (elastic#84470)
  [ML] Renaming saved object repair to sync (elastic#84311)
  [UsageCollection] Remove `formatBulkUpload` and other unused APIs (elastic#84313)
  [Visualizations] Adds visConfig.title and uiState to build pipeline function (elastic#84456)
  [Elasticsearch Migration] Update docs re UsageCollection (elastic#84322)
  TSVB field list performance issue on using annotations (elastic#84407)
  [Security Solution] Exceptions Cypress tests (elastic#81759)
  [ML] Fix spaces job ID check (elastic#84404)
  [Security Solution][Detections] Handle dupes when processing threshold rules (elastic#83062)
Labels
release_note:skip Skip the PR/issue when compiling release notes Team:Detections and Resp Security Detection Response Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. v7.11.0 v8.0.0