[Security Solution] adds 'Alert details with unmapped fields' test (#98800)

* adds 'Alert details with unmapped fields' test * fixes test * improvements * fixes Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2021-05-04 08:00:36 +02:00 · 2021-05-04 08:00:36 +02:00 · 218abe41fe
parent 8b8d4d83b6
commit 218abe41fe
6 changed files with 116 additions and 7 deletions
--- a/x-pack/plugins/security_solution/cypress/integration/detection_alerts/alerts_details.spec.ts
+++ b/x-pack/plugins/security_solution/cypress/integration/detection_alerts/alerts_details.spec.ts
@ -0,0 +1,52 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { JSON_LINES } from '../../screens/alerts_details';
+
+import {
+  expandFirstAlert,
+  waitForAlertsIndexToBeCreated,
+  waitForAlertsPanelToBeLoaded,
+} from '../../tasks/alerts';
+import { openJsonView, scrollJsonViewToBottom } from '../../tasks/alerts_details';
+import { createCustomRuleActivated } from '../../tasks/api_calls/rules';
+import { cleanKibana } from '../../tasks/common';
+import { esArchiverLoad } from '../../tasks/es_archiver';
+import { loginAndWaitForPageWithoutDateRange } from '../../tasks/login';
+
+import { unmappedRule } from '../../objects/rule';
+
+import { DETECTIONS_URL } from '../../urls/navigation';
+
+describe('Alert details with unmapped fields', () => {
+  before(() => {
+    cleanKibana();
+    esArchiverLoad('unmapped_fields');
+    loginAndWaitForPageWithoutDateRange(DETECTIONS_URL);
+    waitForAlertsPanelToBeLoaded();
+    waitForAlertsIndexToBeCreated();
+    createCustomRuleActivated(unmappedRule);
+  });
+  beforeEach(() => {
+    loginAndWaitForPageWithoutDateRange(DETECTIONS_URL);
+    waitForAlertsPanelToBeLoaded();
+    expandFirstAlert();
+  });
+  it('Displays the unmapped field on the JSON view', () => {
+    const expectedUnmappedField = { line: 2, text: '  "unmapped": "This is the unmapped field"' };
+
+    openJsonView();
+    scrollJsonViewToBottom();
+
+    cy.get(JSON_LINES).then((elements) => {
+      const length = elements.length;
+      cy.wrap(elements)
+        .eq(length - expectedUnmappedField.line)
+        .should('have.text', expectedUnmappedField.text);
+    });
+  });
+});
--- a/x-pack/plugins/security_solution/cypress/objects/rule.ts
+++ b/x-pack/plugins/security_solution/cypress/objects/rule.ts
@ -170,7 +170,25 @@ export const newRule: CustomRule = {
  severity: 'High',
  riskScore: '17',
  tags: ['test', 'newRule'],
-  referenceUrls: ['https://www.google.com/', 'https://elastic.co/'],
+  referenceUrls: ['http://example.com/', 'https://example.com/'],
+  falsePositivesExamples: ['False1', 'False2'],
+  mitre: [mitre1, mitre2],
+  note: '# test markdown',
+  runsEvery,
+  lookBack,
+  timeline,
+  maxSignals: 100,
+};
+
+export const unmappedRule: CustomRule = {
+  customQuery: '*:*',
+  index: ['unmapped*'],
+  name: 'Rule with unmapped fields',
+  description: 'The new rule description.',
+  severity: 'High',
+  riskScore: '17',
+  tags: ['test', 'newRule'],
+  referenceUrls: ['http://example.com/', 'https://example.com/'],
  falsePositivesExamples: ['False1', 'False2'],
  mitre: [mitre1, mitre2],
  note: '# test markdown',
@ -209,7 +227,7 @@ export const newOverrideRule: OverrideRule = {
  severity: 'High',
  riskScore: '17',
  tags: ['test', 'newRule'],
-  referenceUrls: ['https://www.google.com/', 'https://elastic.co/'],
+  referenceUrls: ['http://example.com/', 'https://example.com/'],
  falsePositivesExamples: ['False1', 'False2'],
  mitre: [mitre1, mitre2],
  note: '# test markdown',
@ -231,7 +249,7 @@ export const newThresholdRule: ThresholdRule = {
  severity: 'High',
  riskScore: '17',
  tags: ['test', 'newRule'],
-  referenceUrls: ['https://www.google.com/', 'https://elastic.co/'],
+  referenceUrls: ['http://example.com/', 'https://example.com/'],
  falsePositivesExamples: ['False1', 'False2'],
  mitre: [mitre1, mitre2],
  note: '# test markdown',
@ -267,7 +285,7 @@ export const eqlRule: CustomRule = {
  severity: 'High',
  riskScore: '17',
  tags: ['test', 'newRule'],
-  referenceUrls: ['https://www.google.com/', 'https://elastic.co/'],
+  referenceUrls: ['http://example.com/', 'https://example.com/'],
  falsePositivesExamples: ['False1', 'False2'],
  mitre: [mitre1, mitre2],
  note: '# test markdown',
@ -288,7 +306,7 @@ export const eqlSequenceRule: CustomRule = {
  severity: 'High',
  riskScore: '17',
  tags: ['test', 'newRule'],
-  referenceUrls: ['https://www.google.com/', 'https://elastic.co/'],
+  referenceUrls: ['http://example.com/', 'https://example.com/'],
  falsePositivesExamples: ['False1', 'False2'],
  mitre: [mitre1, mitre2],
  note: '# test markdown',
@ -305,7 +323,7 @@ export const newThreatIndicatorRule: ThreatIndicatorRule = {
  severity: 'Critical',
  riskScore: '20',
  tags: ['test', 'threat'],
-  referenceUrls: ['https://www.google.com/', 'https://elastic.co/'],
+  referenceUrls: ['http://example.com/', 'https://example.com/'],
  falsePositivesExamples: ['False1', 'False2'],
  mitre: [mitre1, mitre2],
  note: '# test markdown',
--- a/x-pack/plugins/security_solution/cypress/tasks/alerts_details.ts
+++ b/x-pack/plugins/security_solution/cypress/tasks/alerts_details.ts
@ -14,4 +14,5 @@ export const openJsonView = () => {
 export const scrollJsonViewToBottom = () => {
  cy.get(JSON_CONTENT).click({ force: true });
  cy.get(JSON_CONTENT).type('{pagedown}{pagedown}{pagedown}');
+  cy.get(JSON_CONTENT).should('be.visible');
 };
--- a/x-pack/plugins/security_solution/cypress/tasks/api_calls/rules.ts
+++ b/x-pack/plugins/security_solution/cypress/tasks/api_calls/rules.ts
@ -85,7 +85,7 @@ export const createCustomRuleActivated = (
      severity: rule.severity.toLocaleLowerCase(),
      type: 'query',
      from: 'now-17520h',
-      index: ['auditbeat-*'],
+      index: rule.index,
      query: rule.customQuery,
      language: 'kuery',
      enabled: true,
--- a/x-pack/test/security_solution_cypress/es_archives/unmapped_fields/data.json
+++ b/x-pack/test/security_solution_cypress/es_archives/unmapped_fields/data.json
@ -0,0 +1,14 @@
+{
+  "type": "doc",
+  "value": {
+    "id": "_eZE7mwBOpWiDweStB_c",
+    "index": "unmapped-7.12.0-2021.03.10-000001",
+    "source": {
+      "@timestamp":"2021-02-22T21:00:49.337Z",
+      "mydestination":{
+        "ip": ["127.0.0.1", "127.0.0.2"]
+      },
+      "unmapped": "This is the unmapped field"
+    }
+  }
+}
--- a/x-pack/test/security_solution_cypress/es_archives/unmapped_fields/mappings.json
+++ b/x-pack/test/security_solution_cypress/es_archives/unmapped_fields/mappings.json
@ -0,0 +1,24 @@
+{
+  "type": "index",
+  "value": {
+    "aliases": {
+    },
+    "index": "unmapped-7.12.0-2021.03.10-000001",
+    "mappings": {
+      "dynamic": false,
+      "properties":{
+        "@timestamp":{
+          "type":"date"
+        },
+        "mydestination":{
+          "properties":{
+            "ip":{
+              "index": "false",
+              "type":"ip"
+            }
+          }
+        }
+      }
+    }
+  }
+}