
[Security Solution][Detections] Update rule integration tests #98512

Merged
merged 4 commits into from
May 29, 2021

Conversation

dplumlee
Contributor

@dplumlee dplumlee commented Apr 27, 2021

Summary

Updates rule integration tests to compare full `_source` outputs instead of just signal outputs. Also adds `rule_name_override` integration tests.


@dplumlee dplumlee added v8.0.0 Feature:Detection Rules Security Solution rules and Detection Engine Team:Detections and Resp Security Detection Response Team v7.14.0 labels Apr 27, 2021
@dplumlee dplumlee self-assigned this Apr 27, 2021
@dplumlee dplumlee force-pushed the update-rule-integration-tests branch from 957c122 to 6ef7187 May 26, 2021 07:31
@dplumlee dplumlee marked this pull request as ready for review May 26, 2021 07:38
@dplumlee dplumlee requested a review from a team as a code owner May 26, 2021 07:38
@elasticmachine
Contributor

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@dplumlee dplumlee added the release_note:skip Skip the PR/issue when compiling release notes label May 26, 2021
@dplumlee
Contributor Author

@elasticmachine merge upstream

Contributor

@marshallmain marshallmain left a comment


One small addition to the rule name override test, other than that it looks great. Thanks for fleshing out these tests!

```ts
    },
  ],
  status: 'open',
  rule: fullSignal.signal.rule,
```
Contributor


Here we want to check that `signal.rule.name` is properly overridden with the value from the `event.action` field. To avoid checking the rest of the fields, you could do something like

```ts
rule: {
  ...fullSignal.signal.rule,
  name: 'boot',
  rule_name_override: 'event.action',
}
```
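The behaviour that assertion targets, as an added example that is not Kibana's code: a minimal model of a rule whose `rule_name_override` points at `event.action`, the copy of the rule that lands on the signal with `name` replaced by the event's value, and an expected value written in the spread style suggested above so only the fields the override changes are spelled out. It also covers the cases an integration test for this feature should pin down: the referenced field is absent, or holds a non-string value, and the configured name is kept. All type and function names (`Rule`, `Signal`, `applyRuleNameOverride`, `buildSignal`) and the rule that only a string value is honoured are assumptions made for this example, not a description of the detection engine's implementation.

```typescript
// Added example, not Kibana's code: a minimal model of how a detection rule's
// rule_name_override setting replaces signal.rule.name with a field read from
// the source event, and how the result can be asserted with a spread-based
// expected value. Every name below is hypothetical.

type SourceEvent = Record<string, unknown>;

interface Rule {
  name: string;
  rule_name_override?: string; // dotted path into the source event, e.g. 'event.action'
  [key: string]: unknown;
}

interface Signal {
  status: 'open' | 'closed';
  rule: Rule;
}

// Resolve a dotted path such as 'event.action' against a nested event object.
function getField(event: SourceEvent, path: string): unknown {
  let current: unknown = event;
  for (const key of path.split('.')) {
    if (current === null || typeof current !== 'object') return undefined;
    current = (current as Record<string, unknown>)[key];
  }
  return current;
}

// Copy the rule onto the signal, overriding name only when the referenced field
// holds a string. A missing field, an array or a number leaves the configured
// name in place (assumed behaviour for this example, not the real engine's).
function applyRuleNameOverride(rule: Rule, event: SourceEvent): Rule {
  if (rule.rule_name_override === undefined) return { ...rule };
  const value = getField(event, rule.rule_name_override);
  return typeof value === 'string' ? { ...rule, name: value } : { ...rule };
}

function buildSignal(rule: Rule, event: SourceEvent): Signal {
  return { status: 'open', rule: applyRuleNameOverride(rule, event) };
}

// Structural comparison so expected values can be written as spreads.
function deepEqual(a: unknown, b: unknown): boolean {
  return JSON.stringify(a) === JSON.stringify(b);
}

// Constructed sample rule and events (not real data).
const sampleRule: Rule = {
  name: 'Suspicious boot activity',
  rule_name_override: 'event.action',
  severity: 'low',
  risk_score: 21,
};
const bootEvent: SourceEvent = { event: { action: 'boot' }, host: { name: 'host-a' } };
const noActionEvent: SourceEvent = { host: { name: 'host-b' } };
const arrayActionEvent: SourceEvent = { event: { action: ['boot', 'start'] } };

// Mirrors the assertion shape suggested in the review: spread the full rule and
// state only the fields the override is expected to change.
const overridden = buildSignal(sampleRule, bootEvent);
const expected: Signal = {
  status: 'open',
  rule: { ...sampleRule, name: 'boot', rule_name_override: 'event.action' },
};
console.log('override applied:', deepEqual(overridden, expected)); // true
console.log('missing field keeps name:', buildSignal(sampleRule, noActionEvent).rule.name);
console.log('array value keeps name:', buildSignal(sampleRule, arrayActionEvent).rule.name);
```

Spreading the full rule into the expected value keeps the test focused on the override while still failing if the override path accidentally drops or rewrites any other rule field; the two negative cases guard against a regression where a missing or non-scalar field would blank the rule name on the signal.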

@dplumlee dplumlee force-pushed the update-rule-integration-tests branch from 6532fd9 to 3db2841 May 28, 2021 23:56
Contributor

@marshallmain marshallmain left a comment


LGTM pending CI pass

@dplumlee dplumlee added the auto-backport Deprecated - use backport:version if exact versions are needed label May 29, 2021
@dplumlee dplumlee enabled auto-merge (squash) May 29, 2021 00:44
@kibanamachine
Contributor

💚 Build Succeeded

Metrics [docs]

Unknown metric groups

References to deprecated APIs

| id | before | after | diff |
| --- | --- | --- | --- |
| canvas | 29 | 25 | -4 |
| crossClusterReplication | 8 | 6 | -2 |
| fleet | 22 | 20 | -2 |
| globalSearch | 4 | 2 | -2 |
| indexManagement | 12 | 7 | -5 |
| infra | 261 | 149 | -112 |
| lens | 67 | 45 | -22 |
| licensing | 18 | 15 | -3 |
| lists | 239 | 236 | -3 |
| maps | 286 | 208 | -78 |
| ml | 121 | 115 | -6 |
| monitoring | 109 | 56 | -53 |
| securitySolution | 390 | 346 | -44 |
| stackAlerts | 101 | 95 | -6 |
| total | | | -342 |

History

  • 💚 Build #128055 succeeded 6532fd9243e7994f903fa3a695cbed7d49b79b93
  • 💚 Build #127309 succeeded 6ef71874685f7de5d57f0512087d6aba4b1fd5dd
  • 💔 Build #122748 failed 957c122167207d695d5cc6d19ea7f11b1c2af261

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @dplumlee

@kibanamachine
Contributor

💚 Backport successful

| Status | Branch | Result |
| --- | --- | --- |
| | 7.x | |

This backport PR will be merged automatically after passing CI.

@dplumlee dplumlee deleted the update-rule-integration-tests branch May 29, 2021 02:31
kibanamachine added a commit that referenced this pull request May 29, 2021
#100960)

Co-authored-by: Davis Plumlee <56367316+dplumlee@users.noreply.github.com>