maxmustermann/kibana
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

[Security Solution, Lists] Replace legacy imports from 'elasticsearch' package (#107226)

Browse source 
* Remove legacy imports from 'elasticsearch' package

This prefers the newer types from '@elastic/elasticsearch'.

There was one instance where mock data was insufficient to satisfy the
newer analogous types; in all other cases this was just a find/replace.

* Fix type errors with a null guard

We know that this mock has hits with _source values, but we cannot
convey this to typescript as null assertions are disabled within this
project. This seems like the next best solution, preferable to a
@ts-expect-error.

* Fix a few more type errors

* Replace legacy type imports in integration tests

* refactors destructuring due to _source being properly declared as
  conditional

* Update more integration tests to account for our optional _source

Changes here fall into one of two categories:

* If the test was making an assertion on a value from _source, we simply
null chain and continue to assert on a possibly undefined value.

* If the test logic depends on _source being present, we first assert that
presence, and exit the test early if absent.

* Fix more type errors

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
This commit is contained in:
Ryland Herrick 2021-08-05 14:36:44 -05:00 committed by GitHub
parent 500905c2b1
commit 8665f36cf3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
41 changed files with 532 additions and 485 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
x-pack/plugins/lists/server/schemas/common/get_shard.mock.ts
View file

@ -5,9 +5,9 @@
* 2.0.
*/
import { ShardsResponse } from 'elasticsearch';
import type { estypes } from '@elastic/elasticsearch';
export const getShardMock = (): ShardsResponse => ({
export const getShardMock = (): estypes.ShardStatistics => ({
failed: 0,
skipped: 0,
successful: 0,

4
x-pack/plugins/lists/server/schemas/elastic_response/search_es_list_item_schema.mock.ts
View file

@ -5,7 +5,7 @@
* 2.0.
*/
import { SearchResponse } from 'elasticsearch';
import type { estypes } from '@elastic/elasticsearch';
import {
DATE_NOW,
@ -61,7 +61,7 @@ export const getSearchEsListItemMock = (): SearchEsListItemSchema => ({
ip: VALUE,
});
export const getSearchListItemMock = (): SearchResponse<SearchEsListItemSchema> => ({
export const getSearchListItemMock = (): estypes.SearchResponse<SearchEsListItemSchema> => ({
_scroll_id: '123',
_shards: getShardMock(),
hits: {

6
x-pack/plugins/lists/server/schemas/elastic_response/search_es_list_schema.mock.ts
View file

@ -5,7 +5,7 @@
* 2.0.
*/
import { SearchResponse } from 'elasticsearch';
import type { estypes } from '@elastic/elasticsearch';
import {
DATE_NOW,
@ -40,7 +40,7 @@ export const getSearchEsListMock = (): SearchEsListSchema => ({
version: VERSION,
});
export const getSearchListMock = (): SearchResponse<SearchEsListSchema> => ({
export const getSearchListMock = (): estypes.SearchResponse<SearchEsListSchema> => ({
_scroll_id: '123',
_shards: getShardMock(),
hits: {
@ -60,7 +60,7 @@ export const getSearchListMock = (): SearchResponse<SearchEsListSchema> => ({
took: 10,
});
export const getEmptySearchListMock = (): SearchResponse<SearchEsListSchema> => ({
export const getEmptySearchListMock = (): estypes.SearchResponse<SearchEsListSchema> => ({
_scroll_id: '123',
_shards: getShardMock(),
hits: {

4
x-pack/plugins/lists/server/services/items/find_list_item.mock.ts
View file

@ -5,7 +5,7 @@
* 2.0.
*/
import { Client } from 'elasticsearch';
import type { estypes } from '@elastic/elasticsearch';
// eslint-disable-next-line @kbn/eslint/no-restricted-paths
import { elasticsearchClientMock } from 'src/core/server/elasticsearch/client/mocks';
@ -14,7 +14,7 @@ import { getShardMock } from '../../schemas/common/get_shard.mock';
import { FindListItemOptions } from './find_list_item';
export const getFindCount = (): ReturnType<Client['count']> => {
export const getFindCount = (): Promise<estypes.CountResponse> => {
return Promise.resolve({
_shards: getShardMock(),
count: 1,

4
x-pack/plugins/lists/server/services/items/write_list_items_to_stream.test.ts
View file

@ -106,7 +106,9 @@ describe('write_list_items_to_stream', () => {
firstResponse.hits.hits[0].sort = ['some-sort-value'];
const secondResponse = getSearchListItemMock();
secondResponse.hits.hits[0]._source.ip = '255.255.255.255';
if (secondResponse.hits.hits[0]._source) {
secondResponse.hits.hits[0]._source.ip = '255.255.255.255';
}
const esClient = elasticsearchClientMock.createScopedClusterClient().asCurrentUser;
esClient.search.mockResolvedValueOnce(

12
x-pack/plugins/lists/server/services/utils/transform_elastic_to_list_item.test.ts
View file

@ -37,8 +37,10 @@ describe('transform_elastic_to_list_item', () => {
test('it transforms an elastic keyword type to a list item type', () => {
const response = getSearchListItemMock();
response.hits.hits[0]._source.ip = undefined;
response.hits.hits[0]._source.keyword = 'host-name-example';
if (response.hits.hits[0]._source) {
response.hits.hits[0]._source.ip = undefined;
response.hits.hits[0]._source.keyword = 'host-name-example';
}
const queryFilter = transformElasticToListItem({
response,
type: 'keyword',
@ -68,8 +70,10 @@ describe('transform_elastic_to_list_item', () => {
const {
hits: { hits },
} = getSearchListItemMock();
hits[0]._source.ip = undefined;
hits[0]._source.keyword = 'host-name-example';
if (hits[0]._source) {
hits[0]._source.ip = undefined;
hits[0]._source.keyword = 'host-name-example';
}
const queryFilter = transformElasticHitsToListItem({
hits,
type: 'keyword',

4
x-pack/plugins/security_solution/public/common/components/exceptions/use_add_exception.test.tsx
View file

@ -6,6 +6,7 @@
*/
import { act, renderHook, RenderHookResult } from '@testing-library/react-hooks';
import type { estypes } from '@elastic/elasticsearch';
import { coreMock } from '../../../../../../../src/core/public/mocks';
import { KibanaServices } from '../../../common/lib/kibana';
@ -28,7 +29,6 @@ import {
ReturnUseAddOrUpdateException,
AddOrUpdateExceptionItemsFunc,
} from './use_add_exception';
import { UpdateDocumentByQueryResponse } from 'elasticsearch';
const mockKibanaHttpService = coreMock.createStart().http;
const mockKibanaServices = KibanaServices.get as jest.Mock;
@ -39,7 +39,7 @@ const fetchMock = jest.fn();
mockKibanaServices.mockReturnValue({ http: { fetch: fetchMock } });
describe('useAddOrUpdateException', () => {
let updateAlertStatus: jest.SpyInstance<Promise<UpdateDocumentByQueryResponse>>;
let updateAlertStatus: jest.SpyInstance<Promise<estypes.UpdateByQueryResponse>>;
let addExceptionListItem: jest.SpyInstance<Promise<ExceptionListItemSchema>>;
let updateExceptionListItem: jest.SpyInstance<Promise<ExceptionListItemSchema>>;
let getQueryFilter: jest.SpyInstance<ReturnType<typeof getQueryFilterHelper.getQueryFilter>>;

6
x-pack/plugins/security_solution/public/common/components/exceptions/use_add_exception.tsx
View file

@ -6,7 +6,7 @@
*/
import { useEffect, useRef, useState, useCallback } from 'react';
import { UpdateDocumentByQueryResponse } from 'elasticsearch';
import type { estypes } from '@elastic/elasticsearch';
import type {
ExceptionListItemSchema,
CreateExceptionListItemSchema,
@ -120,8 +120,8 @@ export const useAddOrUpdateException = ({
try {
setIsLoading(true);
let alertIdResponse: UpdateDocumentByQueryResponse | undefined;
let bulkResponse: UpdateDocumentByQueryResponse | undefined;
let alertIdResponse: estypes.UpdateByQueryResponse | undefined;
let bulkResponse: estypes.UpdateByQueryResponse | undefined;
if (alertIdToClose != null) {
alertIdResponse = await updateAlertStatus({
query: getUpdateAlertsQuery([alertIdToClose]),

8
x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.tsx
View file

@ -94,7 +94,7 @@ export const updateAlertStatusAction = async ({
// TODO: Only delete those that were successfully updated from updatedRules
setEventsDeleted({ eventIds: alertIds, isDeleted: true });
if (response.version_conflicts > 0 && alertIds.length === 1) {
if (response.version_conflicts && alertIds.length === 1) {
throw new Error(
i18n.translate(
'xpack.securitySolution.detectionEngine.alerts.updateAlertStatusFailedSingleAlert',
@ -105,7 +105,11 @@ export const updateAlertStatusAction = async ({
);
}
onAlertStatusUpdateSuccess(response.updated, response.version_conflicts, selectedStatus);
onAlertStatusUpdateSuccess(
response.updated ?? 0,
response.version_conflicts ?? 0,
selectedStatus
);
} catch (error) {
onAlertStatusUpdateFailure(selectedStatus, error);
} finally {

4
x-pack/plugins/security_solution/public/detections/containers/detection_engine/alerts/api.ts
View file

@ -5,7 +5,7 @@
* 2.0.
*/
import { UpdateDocumentByQueryResponse } from 'elasticsearch';
import type { estypes } from '@elastic/elasticsearch';
import { getCasesFromAlertsUrl } from '../../../../../../cases/common';
import { HostIsolationResponse, HostInfo } from '../../../../../common/endpoint/types';
import {
@ -62,7 +62,7 @@ export const updateAlertStatus = async ({
query,
status,
signal,
}: UpdateAlertStatusProps): Promise<UpdateDocumentByQueryResponse> =>
}: UpdateAlertStatusProps): Promise<estypes.UpdateByQueryResponse> =>
KibanaServices.get().http.fetch(DETECTION_ENGINE_SIGNALS_STATUS_URL, {
method: 'POST',
body: JSON.stringify({ conflicts: 'proceed', status, ...query }),

16
x-pack/plugins/security_solution/public/hosts/components/authentications_table/mock.ts
View file

@ -5,12 +5,24 @@
* 2.0.
*/
import { SearchResponse } from 'elasticsearch';
import type { estypes } from '@elastic/elasticsearch';
import { HostAuthenticationsStrategyResponse } from '../../../../common/search_strategy/security_solution/hosts/authentications';
export const mockData: { Authentications: HostAuthenticationsStrategyResponse } = {
Authentications: {
rawResponse: {
took: 880,
timed_out: false,
_shards: {
total: 26,
successful: 26,
skipped: 0,
failed: 0,
},
hits: {
total: 2,
hits: [],
},
aggregations: {
group_by_users: {
buckets: [
@ -32,7 +44,7 @@ export const mockData: { Authentications: HostAuthenticationsStrategyResponse }
sum_other_doc_count: 566,
},
},
} as SearchResponse<unknown>,
} as estypes.SearchResponse<unknown>,
totalCount: 54,
edges: [
{

8
x-pack/plugins/security_solution/server/endpoint/routes/metadata/support/test_support.ts
View file

@ -5,10 +5,12 @@
* 2.0.
*/
import { SearchResponse } from 'elasticsearch';
import type { estypes } from '@elastic/elasticsearch';
import { HostMetadata } from '../../../../../common/endpoint/types';
export function createV2SearchResponse(hostMetadata?: HostMetadata): SearchResponse<HostMetadata> {
export function createV2SearchResponse(
hostMetadata?: HostMetadata
): estypes.SearchResponse<HostMetadata> {
return ({
took: 15,
timed_out: false,
@ -38,5 +40,5 @@ export function createV2SearchResponse(hostMetadata?: HostMetadata): SearchRespo
]
: [],
},
} as unknown) as SearchResponse<HostMetadata>;
} as unknown) as estypes.SearchResponse<HostMetadata>;
}

6
x-pack/plugins/security_solution/server/endpoint/routes/policy/handlers.test.ts
View file

@ -22,7 +22,7 @@ import {
loggingSystemMock,
savedObjectsClientMock,
} from '../../../../../../../src/core/server/mocks';
import { SearchResponse } from 'elasticsearch';
import type { estypes } from '@elastic/elasticsearch';
import { GetHostPolicyResponse, HostPolicyResponse } from '../../../../common/endpoint/types';
import { EndpointDocGenerator } from '../../../../common/endpoint/generate_data';
import { parseExperimentalConfigValue } from '../../../../common/experimental_features';
@ -239,7 +239,7 @@ describe('test policy response handler', () => {
*/
function createSearchResponse(
hostPolicyResponse?: HostPolicyResponse
): SearchResponse<HostPolicyResponse> {
): estypes.SearchResponse<HostPolicyResponse> {
return ({
took: 15,
timed_out: false,
@ -267,5 +267,5 @@ function createSearchResponse(
]
: [],
},
} as unknown) as SearchResponse<HostPolicyResponse>;
} as unknown) as estypes.SearchResponse<HostPolicyResponse>;
}

7
x-pack/plugins/security_solution/server/endpoint/services/metadata/metadata.ts
View file

@ -5,8 +5,7 @@
* 2.0.
*/
import { SearchRequest } from '@elastic/elasticsearch/api/types';
import { SearchResponse } from 'elasticsearch';
import type { estypes } from '@elastic/elasticsearch';
import { HostMetadata } from '../../../../common/endpoint/types';
import { SecuritySolutionRequestHandlerContext } from '../../../types';
import { getESQueryHostMetadataByIDs } from '../../routes/metadata/query_builders';
@ -20,7 +19,7 @@ export async function getMetadataForEndpoints(
): Promise<HostMetadata[]> {
const query = getESQueryHostMetadataByIDs(endpointIDs);
const esClient = requestHandlerContext.core.elasticsearch.client.asCurrentUser;
const { body } = await esClient.search<HostMetadata>(query as SearchRequest);
const hosts = queryResponseToHostListResult(body as SearchResponse<HostMetadata>);
const { body } = await esClient.search<HostMetadata>(query as estypes.SearchRequest);
const hosts = queryResponseToHostListResult(body as estypes.SearchResponse<HostMetadata>);
return hosts.resultList;
}

14
x-pack/test/case_api_integration/security_and_spaces/tests/common/cases/patch_cases.ts
View file

@ -805,7 +805,7 @@ export default ({ getService }: FtrProviderContext): void => {
const signals = await getSignalsByIds(supertest, [id]);
const alert = signals.hits.hits[0];
expect(alert._source.signal.status).eql('open');
expect(alert._source?.signal.status).eql('open');
const caseUpdated = await createComment({
supertest,
@ -846,7 +846,7 @@ export default ({ getService }: FtrProviderContext): void => {
.send(getQuerySignalIds([alert._id]))
.expect(200);
expect(updatedAlert.hits.hits[0]._source.signal.status).eql('in-progress');
expect(updatedAlert.hits.hits[0]._source?.signal.status).eql('in-progress');
});
it('does NOT updates alert status when the status is updated and syncAlerts=false', async () => {
@ -863,7 +863,7 @@ export default ({ getService }: FtrProviderContext): void => {
const signals = await getSignalsByIds(supertest, [id]);
const alert = signals.hits.hits[0];
expect(alert._source.signal.status).eql('open');
expect(alert._source?.signal.status).eql('open');
const caseUpdated = await createComment({
supertest,
@ -899,7 +899,7 @@ export default ({ getService }: FtrProviderContext): void => {
.send(getQuerySignalIds([alert._id]))
.expect(200);
expect(updatedAlert.hits.hits[0]._source.signal.status).eql('open');
expect(updatedAlert.hits.hits[0]._source?.signal.status).eql('open');
});
it('it updates alert status when syncAlerts is turned on', async () => {
@ -916,7 +916,7 @@ export default ({ getService }: FtrProviderContext): void => {
const signals = await getSignalsByIds(supertest, [id]);
const alert = signals.hits.hits[0];
expect(alert._source.signal.status).eql('open');
expect(alert._source?.signal.status).eql('open');
const caseUpdated = await createComment({
supertest,
@ -970,7 +970,7 @@ export default ({ getService }: FtrProviderContext): void => {
.send(getQuerySignalIds([alert._id]))
.expect(200);
expect(updatedAlert.hits.hits[0]._source.signal.status).eql('in-progress');
expect(updatedAlert.hits.hits[0]._source?.signal.status).eql('in-progress');
});
it('it does NOT updates alert status when syncAlerts is turned off', async () => {
@ -983,7 +983,7 @@ export default ({ getService }: FtrProviderContext): void => {
const signals = await getSignalsByIds(supertest, [id]);
const alert = signals.hits.hits[0];
expect(alert._source.signal.status).eql('open');
expect(alert._source?.signal.status).eql('open');
const caseUpdated = await createComment({
supertest,

4
x-pack/test/case_api_integration/security_and_spaces/tests/common/comments/post_comment.ts
View file

@ -369,7 +369,7 @@ export default ({ getService }: FtrProviderContext): void => {
const signals = await getSignalsByIds(supertest, [id]);
const alert = signals.hits.hits[0];
expect(alert._source.signal.status).eql('open');
expect(alert._source?.signal.status).eql('open');
await createComment({
supertest,
@ -424,7 +424,7 @@ export default ({ getService }: FtrProviderContext): void => {
const signals = await getSignalsByIds(supertest, [id]);
const alert = signals.hits.hits[0];
expect(alert._source.signal.status).eql('open');
expect(alert._source?.signal.status).eql('open');
await createComment({
supertest,

18
x-pack/test/detection_engine_api_integration/basic/tests/open_close_signals.ts
View file

@ -7,7 +7,7 @@
import expect from '@kbn/expect';
import { SearchResponse } from 'elasticsearch';
import type { estypes } from '@elastic/elasticsearch';
import { Signal } from '../../../../plugins/security_solution/server/lib/detection_engine/signals/types';
import {
DETECTION_ENGINE_SIGNALS_STATUS_URL,
@ -93,11 +93,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForSignalsToBePresent(supertest, 10, [id]);
const signalsOpen = await getSignalsByIds(supertest, [id]);
const everySignalOpen = signalsOpen.hits.hits.every(
({
_source: {
signal: { status },
},
}) => status === 'open'
(hit) => hit._source?.signal?.status === 'open'
);
expect(everySignalOpen).to.eql(true);
});
@ -121,7 +117,7 @@ export default ({ getService }: FtrProviderContext) => {
const {
body: signalsClosed,
}: { body: SearchResponse<{ signal: Signal }> } = await supertest
}: { body: estypes.SearchResponse<{ signal: Signal }> } = await supertest
.post(DETECTION_ENGINE_QUERY_SIGNALS_URL)
.set('kbn-xsrf', 'true')
.send(getQuerySignalIds(signalIds))
@ -148,18 +144,14 @@ export default ({ getService }: FtrProviderContext) => {
const {
body: signalsClosed,
}: { body: SearchResponse<{ signal: Signal }> } = await supertest
}: { body: estypes.SearchResponse<{ signal: Signal }> } = await supertest
.post(DETECTION_ENGINE_QUERY_SIGNALS_URL)
.set('kbn-xsrf', 'true')
.send(getQuerySignalIds(signalIds))
.expect(200);
const everySignalClosed = signalsClosed.hits.hits.every(
({
_source: {
signal: { status },
},
}) => status === 'closed'
(hit) => hit._source?.signal?.status === 'closed'
);
expect(everySignalClosed).to.eql(true);
});

4
x-pack/test/detection_engine_api_integration/security_and_spaces/tests/aliases.ts
View file

@ -46,7 +46,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForSignalsToBePresent(supertest, 4, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map(
(signal) => (signal._source.host_alias as HostAlias).name
(signal) => (signal._source?.host_alias as HostAlias).name
);
expect(hits).to.eql(['host name 1', 'host name 2', 'host name 3', 'host name 4']);
});
@ -57,7 +57,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 4, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((signal) => (signal._source.host as HostAlias).name);
const hits = signalsOpen.hits.hits.map((signal) => (signal._source?.host as HostAlias).name);
expect(hits).to.eql(['host name 1', 'host name 2', 'host name 3', 'host name 4']);
});
});

40
x-pack/test/detection_engine_api_integration/security_and_spaces/tests/create_endpoint_exceptions.ts
View file

@ -59,7 +59,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 4, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.host).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.host).sort();
expect(hits).to.eql([
{
os: { type: 'linux' },
@ -82,7 +82,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 4, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.host).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.host).sort();
expect(hits).to.eql([
{
os: { name: 'Linux' },
@ -125,7 +125,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 3, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.host);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.host);
expect(hits).to.eql([
{
os: { name: 'Windows' },
@ -162,7 +162,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 3, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.host);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.host);
expect(hits).to.eql([
{
os: { name: 'Windows' },
@ -210,7 +210,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.host);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.host);
expect(hits).to.eql([
{
os: { name: 'Macos' },
@ -255,7 +255,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.host);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.host);
expect(hits).to.eql([
{
os: { name: 'Macos' },
@ -291,7 +291,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 3, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.host);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.host);
expect(hits).to.eql([
{
os: { type: 'windows' },
@ -328,7 +328,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 3, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.host);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.host);
expect(hits).to.eql([
{
os: { type: 'windows' },
@ -376,7 +376,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.host);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.host);
expect(hits).to.eql([
{
os: { type: 'macos' },
@ -421,7 +421,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.host);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.host);
expect(hits).to.eql([
{
os: { type: 'macos' },
@ -457,7 +457,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 6, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.host);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.host);
expect(hits).to.eql([
{
os: { type: 'windows' },
@ -503,7 +503,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 6, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.host);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.host);
expect(hits).to.eql([
{
os: { type: 'windows' },
@ -560,7 +560,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 4, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.host);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.host);
expect(hits).to.eql([
{
os: { type: 'macos' },
@ -611,7 +611,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 4, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.host);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.host);
expect(hits).to.eql([
{
os: { type: 'macos' },
@ -663,7 +663,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.host);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.host);
expect(hits).to.eql([
{
os: { type: 'macos' },
@ -703,7 +703,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.host);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.host);
expect(hits).to.eql([
{
os: { type: 'macos' },
@ -736,7 +736,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 3, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.host);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.host);
expect(hits).to.eql([
{
os: { type: 'linux' },
@ -773,7 +773,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.host);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.host);
expect(hits).to.eql([
{
os: { type: 'macos' },
@ -807,7 +807,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.host);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.host);
expect(hits).to.eql([
{
os: { type: 'macos' },
@ -841,7 +841,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 4, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.host);
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.host);
expect(hits).to.eql([
{
os: { type: 'linux' },

6
x-pack/test/detection_engine_api_integration/security_and_spaces/tests/create_ml.ts
View file

@ -100,6 +100,10 @@ export default ({ getService }: FtrProviderContext) => {
const signalsOpen = await getOpenSignals(supertest, es, createdRule);
expect(signalsOpen.hits.hits.length).eql(1);
const signal = signalsOpen.hits.hits[0];
if (!signal._source) {
return expect(signal._source).to.be.ok();
}
expect(signal._source).eql({
'@timestamp': signal._source['@timestamp'],
actual: [1],
@ -152,7 +156,7 @@ export default ({ getService }: FtrProviderContext) => {
id: createdRule.id,
rule_id: createdRule.rule_id,
created_at: createdRule.created_at,
updated_at: signal._source.signal.rule.updated_at,
updated_at: signal._source?.signal.rule.updated_at,
actions: [],
interval: '5m',
name: 'Test ML rule',

8
x-pack/test/detection_engine_api_integration/security_and_spaces/tests/create_signals_migrations.ts
View file

@ -13,6 +13,7 @@ import {
} from '../../../../plugins/security_solution/common/constants';
import { ROLES } from '../../../../plugins/security_solution/common/test';
import { SIGNALS_TEMPLATE_VERSION } from '../../../../plugins/security_solution/server/lib/detection_engine/routes/index/get_signals_template';
import { Signal } from '../../../../plugins/security_solution/server/lib/detection_engine/signals/types';
import { FtrProviderContext } from '../../common/ftr_provider_context';
import {
createSignalsIndex,
@ -96,12 +97,11 @@ export default ({ getService }: FtrProviderContext): void => {
const [{ migration_index: newIndex }] = createResponses;
await waitForIndexToPopulate(es, newIndex);
const { body: migrationResults } = await es.search({ index: newIndex });
const { body: migrationResults } = await es.search<{ signal: Signal }>({ index: newIndex });
expect(migrationResults.hits.hits).length(1);
// @ts-expect-error _source has unknown type
const migratedSignal = migrationResults.hits.hits[0]._source.signal;
expect(migratedSignal._meta.version).to.equal(SIGNALS_TEMPLATE_VERSION);
const migratedSignal = migrationResults.hits.hits[0]._source?.signal;
expect(migratedSignal?._meta?.version).to.equal(SIGNALS_TEMPLATE_VERSION);
});
it('specifying the signals alias itself is a bad request', async () => {

19
x-pack/test/detection_engine_api_integration/security_and_spaces/tests/create_threat_matching.ts
View file

@ -153,9 +153,12 @@ export default ({ getService }: FtrProviderContext) => {
const signalsOpen = await getSignalsByIds(supertest, [id]);
expect(signalsOpen.hits.hits.length).equal(10);
const fullSource = signalsOpen.hits.hits.find(
(signal) => signal._source.signal.parents[0].id === '7yJ-B2kBR346wHgnhlMn'
(signal) => signal._source?.signal.parents[0].id === '7yJ-B2kBR346wHgnhlMn'
);
const fullSignal = fullSource!._source; // If this doesn't exist the test is going to fail anyway so using a bang operator here to get rid of ts error
const fullSignal = fullSource?._source;
if (!fullSignal) {
return expect(fullSignal).to.be.ok();
}
expect(fullSignal).eql({
'@timestamp': fullSignal['@timestamp'],
agent: {
@ -439,7 +442,7 @@ export default ({ getService }: FtrProviderContext) => {
expect(signalsOpen.hits.hits.length).equal(2);
const { hits } = signalsOpen.hits;
const threats = hits.map((hit) => hit._source.threat);
const threats = hits.map((hit) => hit._source?.threat);
expect(threats).to.eql([
{
indicator: [
@ -544,7 +547,9 @@ export default ({ getService }: FtrProviderContext) => {
expect(signalsOpen.hits.hits.length).equal(1);
const { hits } = signalsOpen.hits;
const [threat] = hits.map((hit) => hit._source.threat) as Array<{ indicator: unknown[] }>;
const [threat] = hits.map((hit) => hit._source?.threat) as Array<{
indicator: unknown[];
}>;
assertContains(threat.indicator, [
{
@ -644,7 +649,9 @@ export default ({ getService }: FtrProviderContext) => {
expect(signalsOpen.hits.hits.length).equal(1);
const { hits } = signalsOpen.hits;
const [threat] = hits.map((hit) => hit._source.threat) as Array<{ indicator: unknown[] }>;
const [threat] = hits.map((hit) => hit._source?.threat) as Array<{
indicator: unknown[];
}>;
assertContains(threat.indicator, [
{
@ -779,7 +786,7 @@ export default ({ getService }: FtrProviderContext) => {
expect(signalsOpen.hits.hits.length).equal(2);
const { hits } = signalsOpen.hits;
const threats = hits.map((hit) => hit._source.threat) as Array<{ indicator: unknown[] }>;
const threats = hits.map((hit) => hit._source?.threat) as Array<{ indicator: unknown[] }>;
assertContains(threats[0].indicator, [
{

44
x-pack/test/detection_engine_api_integration/security_and_spaces/tests/exception_operators_data_types/date.ts
View file

@ -54,7 +54,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 4, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.date).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort();
expect(hits).to.eql([
'2020-10-01T05:08:53.000Z',
'2020-10-02T05:08:53.000Z',
@ -78,7 +78,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 3, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.date).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort();
expect(hits).to.eql([
'2020-10-02T05:08:53.000Z',
'2020-10-03T05:08:53.000Z',
@ -109,7 +109,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.date).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort();
expect(hits).to.eql(['2020-10-03T05:08:53.000Z', '2020-10-04T05:08:53.000Z']);
});
@ -144,7 +144,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.date).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort();
expect(hits).to.eql(['2020-10-04T05:08:53.000Z']);
});
@ -186,7 +186,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.date).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort();
expect(hits).to.eql([]);
});
});
@ -206,7 +206,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.date).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort();
expect(hits).to.eql([]);
});
@ -225,7 +225,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.date).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort();
expect(hits).to.eql(['2020-10-01T05:08:53.000Z']);
});
@ -251,7 +251,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.date).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort();
expect(hits).to.eql([]);
});
});
@ -272,7 +272,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 3, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.date).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort();
expect(hits).to.eql([
'2020-10-02T05:08:53.000Z',
'2020-10-03T05:08:53.000Z',
@ -295,7 +295,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.date).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort();
expect(hits).to.eql(['2020-10-03T05:08:53.000Z', '2020-10-04T05:08:53.000Z']);
});
@ -318,7 +318,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.date).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort();
expect(hits).to.eql(['2020-10-04T05:08:53.000Z']);
});
@ -341,7 +341,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.date).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort();
expect(hits).to.eql([]);
});
});
@ -361,7 +361,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.date).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort();
expect(hits).to.eql([]);
});
@ -380,7 +380,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.date).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort();
expect(hits).to.eql(['2020-10-01T05:08:53.000Z', '2020-10-04T05:08:53.000Z']);
});
});
@ -399,7 +399,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.date).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort();
expect(hits).to.eql([]);
});
});
@ -419,7 +419,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 4, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.date).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort();
expect(hits).to.eql([
'2020-10-01T05:08:53.000Z',
'2020-10-02T05:08:53.000Z',
@ -449,7 +449,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 3, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.date).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort();
expect(hits).to.eql([
'2020-10-02T05:08:53.000Z',
'2020-10-03T05:08:53.000Z',
@ -481,7 +481,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.date).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort();
expect(hits).to.eql(['2020-10-02T05:08:53.000Z', '2020-10-04T05:08:53.000Z']);
});
@ -513,7 +513,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.date).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort();
expect(hits).to.eql([]);
});
});
@ -538,7 +538,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.date).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort();
expect(hits).to.eql(['2020-10-01T05:08:53.000Z']);
});
@ -566,7 +566,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.date).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort();
expect(hits).to.eql(['2020-10-01T05:08:53.000Z', '2020-10-03T05:08:53.000Z']);
});
@ -599,7 +599,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 4, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.date).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort();
expect(hits).to.eql([
'2020-10-01T05:08:53.000Z',
'2020-10-02T05:08:53.000Z',

60
x-pack/test/detection_engine_api_integration/security_and_spaces/tests/exception_operators_data_types/double.ts
View file

@ -58,7 +58,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 4, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.double).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort();
expect(hits).to.eql(['1.0', '1.1', '1.2', '1.3']);
});
@ -77,7 +77,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 3, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.double).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort();
expect(hits).to.eql(['1.1', '1.2', '1.3']);
});
@ -104,7 +104,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.double).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort();
expect(hits).to.eql(['1.2', '1.3']);
});
@ -139,7 +139,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.double).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort();
expect(hits).to.eql(['1.3']);
});
@ -181,7 +181,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.double).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort();
expect(hits).to.eql([]);
});
});
@ -201,7 +201,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.double).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort();
expect(hits).to.eql([]);
});
@ -220,7 +220,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.double).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort();
expect(hits).to.eql(['1.0']);
});
@ -246,7 +246,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.double).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort();
expect(hits).to.eql([]);
});
});
@ -267,7 +267,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 3, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.double).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort();
expect(hits).to.eql(['1.1', '1.2', '1.3']);
});
@ -286,7 +286,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.double).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort();
expect(hits).to.eql(['1.2', '1.3']);
});
@ -305,7 +305,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.double).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort();
expect(hits).to.eql(['1.3']);
});
@ -323,7 +323,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.double).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort();
expect(hits).to.eql([]);
});
});
@ -343,7 +343,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.double).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort();
expect(hits).to.eql([]);
});
@ -362,7 +362,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.double).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort();
expect(hits).to.eql(['1.0', '1.3']);
});
});
@ -381,7 +381,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.double).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort();
expect(hits).to.eql([]);
});
});
@ -401,7 +401,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 4, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.double).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort();
expect(hits).to.eql(['1.0', '1.1', '1.2', '1.3']);
});
});
@ -427,7 +427,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 3, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.double).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort();
expect(hits).to.eql(['1.1', '1.2', '1.3']);
});
@ -450,7 +450,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.double).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort();
expect(hits).to.eql(['1.1', '1.3']);
});
@ -472,7 +472,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.double).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort();
expect(hits).to.eql([]);
});
});
@ -497,7 +497,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.double).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort();
expect(hits).to.eql(['1.1', '1.2', '1.3']);
});
@ -520,7 +520,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.double).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort();
expect(hits).to.eql(['1.1', '1.3']);
});
@ -542,7 +542,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.double).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort();
expect(hits).to.eql([]);
});
@ -568,7 +568,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.double).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort();
expect(hits).to.eql(['1.3']);
});
});
@ -595,7 +595,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.double).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort();
expect(hits).to.eql(['1.0']);
});
@ -618,7 +618,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.double).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort();
expect(hits).to.eql(['1.0', '1.2']);
});
@ -641,7 +641,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 4, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.double).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort();
expect(hits).to.eql(['1.0', '1.1', '1.2', '1.3']);
});
});
@ -666,7 +666,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.double).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort();
expect(hits).to.eql(['1.0']);
});
@ -689,7 +689,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.double).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort();
expect(hits).to.eql(['1.0', '1.2']);
});
@ -712,7 +712,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 4, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.double).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort();
expect(hits).to.eql(['1.0', '1.1', '1.2', '1.3']);
});
@ -738,7 +738,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 3, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.double).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort();
expect(hits).to.eql(['1.0', '1.1', '1.2']);
});
});

60
x-pack/test/detection_engine_api_integration/security_and_spaces/tests/exception_operators_data_types/float.ts
View file

@ -56,7 +56,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 4, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.float).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
expect(hits).to.eql(['1.0', '1.1', '1.2', '1.3']);
});
@ -75,7 +75,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 3, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.float).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
expect(hits).to.eql(['1.1', '1.2', '1.3']);
});
@ -102,7 +102,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.float).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
expect(hits).to.eql(['1.2', '1.3']);
});
@ -137,7 +137,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.float).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
expect(hits).to.eql(['1.3']);
});
@ -179,7 +179,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.float).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
expect(hits).to.eql([]);
});
});
@ -199,7 +199,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.float).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
expect(hits).to.eql([]);
});
@ -218,7 +218,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.float).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
expect(hits).to.eql(['1.0']);
});
@ -244,7 +244,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.float).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
expect(hits).to.eql([]);
});
});
@ -265,7 +265,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 3, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.float).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
expect(hits).to.eql(['1.1', '1.2', '1.3']);
});
@ -284,7 +284,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.float).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
expect(hits).to.eql(['1.2', '1.3']);
});
@ -303,7 +303,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.float).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
expect(hits).to.eql(['1.3']);
});
@ -321,7 +321,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.float).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
expect(hits).to.eql([]);
});
});
@ -341,7 +341,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.float).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
expect(hits).to.eql([]);
});
@ -360,7 +360,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.float).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
expect(hits).to.eql(['1.0', '1.3']);
});
});
@ -379,7 +379,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.float).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
expect(hits).to.eql([]);
});
});
@ -399,7 +399,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 4, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.float).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
expect(hits).to.eql(['1.0', '1.1', '1.2', '1.3']);
});
});
@ -425,7 +425,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 3, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.float).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
expect(hits).to.eql(['1.1', '1.2', '1.3']);
});
@ -448,7 +448,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.float).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
expect(hits).to.eql(['1.1', '1.3']);
});
@ -470,7 +470,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.float).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
expect(hits).to.eql([]);
});
});
@ -495,7 +495,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.float).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
expect(hits).to.eql(['1.1', '1.2', '1.3']);
});
@ -518,7 +518,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.float).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
expect(hits).to.eql(['1.1', '1.3']);
});
@ -540,7 +540,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.float).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
expect(hits).to.eql([]);
});
@ -563,7 +563,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.float).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
expect(hits).to.eql(['1.3']);
});
});
@ -590,7 +590,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.float).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
expect(hits).to.eql(['1.0']);
});
@ -613,7 +613,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.float).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
expect(hits).to.eql(['1.0', '1.2']);
});
@ -636,7 +636,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 4, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.float).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
expect(hits).to.eql(['1.0', '1.1', '1.2', '1.3']);
});
});
@ -661,7 +661,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.float).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
expect(hits).to.eql(['1.0']);
});
@ -684,7 +684,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.float).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
expect(hits).to.eql(['1.0', '1.2']);
});
@ -707,7 +707,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 4, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.float).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
expect(hits).to.eql(['1.0', '1.1', '1.2', '1.3']);
});
@ -730,7 +730,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 3, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.float).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
expect(hits).to.eql(['1.0', '1.1', '1.2']);
});
});

60
x-pack/test/detection_engine_api_integration/security_and_spaces/tests/exception_operators_data_types/integer.ts
View file

@ -58,7 +58,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 4, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.integer).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
expect(hits).to.eql(['1', '2', '3', '4']);
});
@ -77,7 +77,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 3, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.integer).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
expect(hits).to.eql(['2', '3', '4']);
});
@ -104,7 +104,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.integer).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
expect(hits).to.eql(['3', '4']);
});
@ -139,7 +139,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.integer).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
expect(hits).to.eql(['4']);
});
@ -181,7 +181,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.integer).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
expect(hits).to.eql([]);
});
});
@ -201,7 +201,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.integer).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
expect(hits).to.eql([]);
});
@ -220,7 +220,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.integer).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
expect(hits).to.eql(['1']);
});
@ -246,7 +246,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.integer).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
expect(hits).to.eql([]);
});
});
@ -267,7 +267,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 3, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.integer).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
expect(hits).to.eql(['2', '3', '4']);
});
@ -286,7 +286,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.integer).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
expect(hits).to.eql(['3', '4']);
});
@ -305,7 +305,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.integer).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
expect(hits).to.eql(['4']);
});
@ -323,7 +323,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.integer).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
expect(hits).to.eql([]);
});
});
@ -343,7 +343,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.integer).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
expect(hits).to.eql([]);
});
@ -362,7 +362,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.integer).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
expect(hits).to.eql(['1', '4']);
});
});
@ -381,7 +381,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.integer).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
expect(hits).to.eql([]);
});
});
@ -401,7 +401,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 4, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.integer).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
expect(hits).to.eql(['1', '2', '3', '4']);
});
});
@ -427,7 +427,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 3, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.integer).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
expect(hits).to.eql(['2', '3', '4']);
});
@ -450,7 +450,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.integer).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
expect(hits).to.eql(['2', '4']);
});
@ -472,7 +472,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.integer).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
expect(hits).to.eql([]);
});
});
@ -497,7 +497,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.integer).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
expect(hits).to.eql(['2', '3', '4']);
});
@ -520,7 +520,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.integer).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
expect(hits).to.eql(['2', '4']);
});
@ -542,7 +542,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.integer).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
expect(hits).to.eql([]);
});
@ -565,7 +565,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.integer).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
expect(hits).to.eql(['4']);
});
});
@ -592,7 +592,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.integer).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
expect(hits).to.eql(['1']);
});
@ -615,7 +615,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.integer).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
expect(hits).to.eql(['1', '3']);
});
@ -638,7 +638,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 4, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.integer).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
expect(hits).to.eql(['1', '2', '3', '4']);
});
});
@ -663,7 +663,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.integer).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
expect(hits).to.eql(['1']);
});
@ -686,7 +686,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.integer).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
expect(hits).to.eql(['1', '3']);
});
@ -709,7 +709,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 4, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.integer).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
expect(hits).to.eql(['1', '2', '3', '4']);
});
@ -732,7 +732,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 3, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.integer).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
expect(hits).to.eql(['1', '2', '3']);
});
});

56
x-pack/test/detection_engine_api_integration/security_and_spaces/tests/exception_operators_data_types/ip.ts
View file

@ -54,7 +54,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 4, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql(['127.0.0.1', '127.0.0.2', '127.0.0.3', '127.0.0.4']);
});
@ -73,7 +73,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 3, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql(['127.0.0.2', '127.0.0.3', '127.0.0.4']);
});
@ -100,7 +100,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql(['127.0.0.3', '127.0.0.4']);
});
@ -135,7 +135,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql(['127.0.0.4']);
});
@ -177,7 +177,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql([]);
});
@ -196,7 +196,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql(['127.0.0.4']);
});
});
@ -216,7 +216,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql([]);
});
@ -235,7 +235,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql(['127.0.0.1']);
});
@ -261,7 +261,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql([]);
});
});
@ -282,7 +282,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 3, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql(['127.0.0.2', '127.0.0.3', '127.0.0.4']);
});
@ -301,7 +301,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql(['127.0.0.3', '127.0.0.4']);
});
@ -320,7 +320,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql(['127.0.0.4']);
});
@ -338,7 +338,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql([]);
});
});
@ -358,7 +358,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql([]);
});
@ -377,7 +377,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql(['127.0.0.1', '127.0.0.4']);
});
});
@ -396,7 +396,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql([]);
});
});
@ -416,7 +416,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 4, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql(['127.0.0.1', '127.0.0.2', '127.0.0.3', '127.0.0.4']);
});
});
@ -441,7 +441,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 3, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql(['127.0.0.2', '127.0.0.3', '127.0.0.4']);
});
@ -464,7 +464,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql(['127.0.0.2', '127.0.0.4']);
});
@ -491,7 +491,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql([]);
});
@ -518,7 +518,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql(['127.0.0.4']);
});
@ -545,7 +545,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql(['127.0.0.4']);
});
@ -574,7 +574,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql(['127.0.0.4']);
});
});
@ -599,7 +599,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql(['127.0.0.1']);
});
@ -622,7 +622,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql(['127.0.0.1', '127.0.0.3']);
});
@ -650,7 +650,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 4, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql(['127.0.0.1', '127.0.0.2', '127.0.0.3', '127.0.0.4']);
});
@ -677,7 +677,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 3, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql(['127.0.0.1', '127.0.0.2', '127.0.0.3']);
});
@ -704,7 +704,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 3, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql(['127.0.0.1', '127.0.0.2', '127.0.0.3']);
});
});

54
x-pack/test/detection_engine_api_integration/security_and_spaces/tests/exception_operators_data_types/ip_array.ts
View file

@ -54,7 +54,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 4, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql([
[],
['127.0.0.1', '127.0.0.2', '127.0.0.3', '127.0.0.4'],
@ -78,7 +78,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 3, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql([
[],
['127.0.0.5', null, '127.0.0.6', '127.0.0.7'],
@ -109,7 +109,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql([[], ['127.0.0.8', '127.0.0.9', '127.0.0.10']]);
});
@ -144,7 +144,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql([[]]);
});
@ -163,7 +163,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql([
[],
['127.0.0.5', null, '127.0.0.6', '127.0.0.7'],
@ -186,7 +186,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql([[], ['127.0.0.8', '127.0.0.9', '127.0.0.10']]);
});
});
@ -206,7 +206,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql([]);
});
@ -225,7 +225,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql([['127.0.0.1', '127.0.0.2', '127.0.0.3', '127.0.0.4']]);
});
@ -250,7 +250,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql([['127.0.0.1', '127.0.0.2', '127.0.0.3', '127.0.0.4']]);
});
@ -276,7 +276,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql([]);
});
});
@ -297,7 +297,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 3, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql([
[],
['127.0.0.5', null, '127.0.0.6', '127.0.0.7'],
@ -320,7 +320,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql([[], ['127.0.0.8', '127.0.0.9', '127.0.0.10']]);
});
@ -339,7 +339,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql([[]]);
});
});
@ -359,7 +359,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql([]);
});
@ -378,7 +378,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql([
['127.0.0.1', '127.0.0.2', '127.0.0.3', '127.0.0.4'],
['127.0.0.5', null, '127.0.0.6', '127.0.0.7'],
@ -400,7 +400,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql([[]]);
});
});
@ -420,7 +420,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 3, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql([
['127.0.0.1', '127.0.0.2', '127.0.0.3', '127.0.0.4'],
['127.0.0.5', null, '127.0.0.6', '127.0.0.7'],
@ -449,7 +449,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 3, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql([
[],
['127.0.0.5', null, '127.0.0.6', '127.0.0.7'],
@ -476,7 +476,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql([[], ['127.0.0.8', '127.0.0.9', '127.0.0.10']]);
});
@ -503,7 +503,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql([[]]);
});
@ -540,7 +540,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql([[], ['127.0.0.8', '127.0.0.9', '127.0.0.10']]);
});
@ -571,7 +571,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql([[], ['127.0.0.8', '127.0.0.9', '127.0.0.10']]);
});
});
@ -596,7 +596,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql([['127.0.0.1', '127.0.0.2', '127.0.0.3', '127.0.0.4']]);
});
@ -619,7 +619,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql([
['127.0.0.1', '127.0.0.2', '127.0.0.3', '127.0.0.4'],
['127.0.0.5', null, '127.0.0.6', '127.0.0.7'],
@ -650,7 +650,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 3, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql([
['127.0.0.1', '127.0.0.2', '127.0.0.3', '127.0.0.4'],
['127.0.0.5', null, '127.0.0.6', '127.0.0.7'],
@ -691,7 +691,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql([
['127.0.0.1', '127.0.0.2', '127.0.0.3', '127.0.0.4'],
['127.0.0.5', null, '127.0.0.6', '127.0.0.7'],
@ -725,7 +725,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
expect(ips).to.eql([
['127.0.0.1', '127.0.0.2', '127.0.0.3', '127.0.0.4'],
['127.0.0.5', null, '127.0.0.6', '127.0.0.7'],

46
x-pack/test/detection_engine_api_integration/security_and_spaces/tests/exception_operators_data_types/keyword.ts
View file

@ -54,7 +54,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 4, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
expect(hits).to.eql(['word four', 'word one', 'word three', 'word two']);
});
@ -73,7 +73,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 3, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
expect(hits).to.eql(['word four', 'word three', 'word two']);
});
@ -100,7 +100,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
expect(hits).to.eql(['word four', 'word three']);
});
@ -135,7 +135,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
expect(hits).to.eql(['word four']);
});
@ -177,7 +177,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
expect(hits).to.eql([]);
});
});
@ -197,7 +197,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
expect(hits).to.eql([]);
});
@ -216,7 +216,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
expect(hits).to.eql(['word one']);
});
@ -242,7 +242,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
expect(hits).to.eql([]);
});
});
@ -263,7 +263,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 3, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
expect(hits).to.eql(['word four', 'word three', 'word two']);
});
@ -282,7 +282,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
expect(hits).to.eql(['word four', 'word three']);
});
@ -301,7 +301,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
expect(hits).to.eql(['word four']);
});
@ -319,7 +319,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
expect(hits).to.eql([]);
});
});
@ -339,7 +339,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
expect(hits).to.eql([]);
});
@ -358,7 +358,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
expect(hits).to.eql(['word four', 'word one']);
});
});
@ -377,7 +377,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
expect(hits).to.eql([]);
});
});
@ -397,7 +397,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 4, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
expect(hits).to.eql(['word four', 'word one', 'word three', 'word two']);
});
});
@ -432,7 +432,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 4, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
expect(hits).to.eql(['word four', 'word one', 'word three', 'word two']);
});
@ -455,7 +455,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 3, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
expect(hits).to.eql(['word four', 'word three', 'word two']);
});
@ -478,7 +478,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
expect(hits).to.eql(['word four', 'word two']);
});
@ -505,7 +505,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
expect(hits).to.eql([]);
});
});
@ -530,7 +530,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
expect(hits).to.eql(['word one']);
});
@ -553,7 +553,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
expect(hits).to.eql(['word one', 'word three']);
});
@ -581,7 +581,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 4, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
expect(hits).to.eql(['word four', 'word one', 'word three', 'word two']);
});
});

46
x-pack/test/detection_engine_api_integration/security_and_spaces/tests/exception_operators_data_types/keyword_array.ts
View file

@ -56,7 +56,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 3, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
expect(hits).to.eql([
[],
['word eight', 'word nine', 'word ten'],
@ -80,7 +80,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
expect(hits).to.eql([
[],
['word eight', 'word nine', 'word ten'],
@ -111,7 +111,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
expect(hits).to.eql([[], ['word eight', 'word nine', 'word ten']]);
});
@ -146,7 +146,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
expect(hits).to.eql([[]]);
});
});
@ -166,7 +166,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
expect(hits).to.eql([]);
});
@ -185,7 +185,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
expect(hits).to.eql([['word one', 'word two', 'word three', 'word four']]);
});
@ -211,7 +211,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
expect(hits).to.eql([]);
});
});
@ -232,7 +232,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 3, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
expect(hits).to.eql([
[],
['word eight', 'word nine', 'word ten'],
@ -255,7 +255,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
expect(hits).to.eql([[], ['word eight', 'word nine', 'word ten']]);
});
@ -274,7 +274,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
expect(hits).to.eql([[]]);
});
});
@ -294,7 +294,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
expect(hits).to.eql([]);
});
@ -313,7 +313,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
expect(hits).to.eql([
['word five', null, 'word six', 'word seven'],
['word one', 'word two', 'word three', 'word four'],
@ -335,7 +335,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
expect(hits).to.eql([[]]);
});
});
@ -355,7 +355,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 3, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
expect(hits).to.eql([
['word eight', 'word nine', 'word ten'],
['word five', null, 'word six', 'word seven'],
@ -394,7 +394,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 3, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
expect(hits).to.eql([
[],
['word eight', 'word nine', 'word ten'],
@ -432,7 +432,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
expect(hits).to.eql([
[],
['word eight', 'word nine', 'word ten'],
@ -459,7 +459,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 3, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
expect(hits).to.eql([
[],
['word eight', 'word nine', 'word ten'],
@ -486,7 +486,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
expect(hits).to.eql([[], ['word eight', 'word nine', 'word ten']]);
});
@ -513,7 +513,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
expect(hits).to.eql([[]]);
});
});
@ -538,7 +538,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
expect(hits).to.eql([['word one', 'word two', 'word three', 'word four']]);
});
@ -561,7 +561,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
expect(hits).to.eql([['word one', 'word two', 'word three', 'word four']]);
});
@ -584,7 +584,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
expect(hits).to.eql([
['word five', null, 'word six', 'word seven'],
['word one', 'word two', 'word three', 'word four'],
@ -615,7 +615,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 3, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
expect(hits).to.eql([
['word eight', 'word nine', 'word ten'],
['word five', null, 'word six', 'word seven'],

60
x-pack/test/detection_engine_api_integration/security_and_spaces/tests/exception_operators_data_types/long.ts
View file

@ -56,7 +56,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 4, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.long).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
expect(hits).to.eql(['1', '2', '3', '4']);
});
@ -75,7 +75,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 3, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.long).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
expect(hits).to.eql(['2', '3', '4']);
});
@ -102,7 +102,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.long).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
expect(hits).to.eql(['3', '4']);
});
@ -137,7 +137,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.long).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
expect(hits).to.eql(['4']);
});
@ -179,7 +179,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.long).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
expect(hits).to.eql([]);
});
});
@ -199,7 +199,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.long).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
expect(hits).to.eql([]);
});
@ -218,7 +218,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.long).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
expect(hits).to.eql(['1']);
});
@ -244,7 +244,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.long).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
expect(hits).to.eql([]);
});
});
@ -265,7 +265,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 3, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.long).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
expect(hits).to.eql(['2', '3', '4']);
});
@ -284,7 +284,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.long).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
expect(hits).to.eql(['3', '4']);
});
@ -303,7 +303,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.long).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
expect(hits).to.eql(['4']);
});
@ -321,7 +321,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.long).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
expect(hits).to.eql([]);
});
});
@ -341,7 +341,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.long).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
expect(hits).to.eql([]);
});
@ -360,7 +360,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.long).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
expect(hits).to.eql(['1', '4']);
});
});
@ -379,7 +379,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.long).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
expect(hits).to.eql([]);
});
});
@ -399,7 +399,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 4, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.long).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
expect(hits).to.eql(['1', '2', '3', '4']);
});
});
@ -425,7 +425,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 3, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.long).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
expect(hits).to.eql(['2', '3', '4']);
});
@ -448,7 +448,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.long).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
expect(hits).to.eql(['2', '4']);
});
@ -470,7 +470,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.long).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
expect(hits).to.eql([]);
});
});
@ -495,7 +495,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.long).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
expect(hits).to.eql(['2', '3', '4']);
});
@ -518,7 +518,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.long).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
expect(hits).to.eql(['2', '4']);
});
@ -540,7 +540,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.long).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
expect(hits).to.eql([]);
});
@ -563,7 +563,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.long).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
expect(hits).to.eql(['4']);
});
});
@ -590,7 +590,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.long).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
expect(hits).to.eql(['1']);
});
@ -613,7 +613,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.long).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
expect(hits).to.eql(['1', '3']);
});
@ -636,7 +636,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 4, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.long).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
expect(hits).to.eql(['1', '2', '3', '4']);
});
});
@ -661,7 +661,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.long).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
expect(hits).to.eql(['1']);
});
@ -684,7 +684,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.long).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
expect(hits).to.eql(['1', '3']);
});
@ -707,7 +707,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 4, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.long).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
expect(hits).to.eql(['1', '2', '3', '4']);
});
@ -730,7 +730,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 3, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.long).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
expect(hits).to.eql(['1', '2', '3']);
});
});

72
x-pack/test/detection_engine_api_integration/security_and_spaces/tests/exception_operators_data_types/text.ts
View file

@ -57,7 +57,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 4, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql(['word four', 'word one', 'word three', 'word two']);
});
@ -76,7 +76,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 3, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql(['word four', 'word three', 'word two']);
});
@ -103,7 +103,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql(['word four', 'word three']);
});
@ -138,7 +138,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql(['word four']);
});
@ -180,7 +180,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql([]);
});
@ -199,7 +199,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 3, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql(['word four', 'word three', 'word two']);
});
@ -217,7 +217,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql([]);
});
@ -236,7 +236,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql(['word four', 'word three', 'word two']);
});
});
@ -256,7 +256,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql([]);
});
@ -275,7 +275,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql(['word one']);
});
@ -301,7 +301,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql([]);
});
@ -320,7 +320,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql(['word one']);
});
@ -338,7 +338,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql(['word four', 'word one', 'word three', 'word two']);
});
@ -357,7 +357,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql(['word one']);
});
});
@ -378,7 +378,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 3, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql(['word four', 'word three', 'word two']);
});
@ -397,7 +397,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql(['word four', 'word three']);
});
@ -416,7 +416,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql(['word four']);
});
@ -434,7 +434,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql([]);
});
});
@ -454,7 +454,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql([]);
});
@ -473,7 +473,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql(['word four', 'word one']);
});
});
@ -492,7 +492,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql([]);
});
});
@ -512,7 +512,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 4, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql(['word four', 'word one', 'word three', 'word two']);
});
});
@ -538,7 +538,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 3, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql(['four', 'three', 'two']);
});
@ -561,7 +561,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql(['four', 'two']);
});
@ -588,7 +588,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql([]);
});
});
@ -613,7 +613,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql(['word four', 'word three', 'word two']);
});
@ -641,7 +641,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql(['word four', 'word three', 'word two']);
});
@ -664,7 +664,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql(['word four', 'word two']);
});
@ -691,7 +691,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql([]);
});
});
@ -718,7 +718,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql(['one']);
});
@ -741,7 +741,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql(['one', 'three']);
});
@ -769,7 +769,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 4, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql(['four', 'one', 'three', 'two']);
});
});
@ -794,7 +794,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql(['word one']);
});
@ -822,7 +822,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql(['word one']);
});
@ -845,7 +845,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql(['word one', 'word three']);
});
@ -873,7 +873,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql(['word four', 'word one', 'word three', 'word two']);
});
});

46
x-pack/test/detection_engine_api_integration/security_and_spaces/tests/exception_operators_data_types/text_array.ts
View file

@ -54,7 +54,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 3, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql([
[],
['word eight', 'word nine', 'word ten'],
@ -78,7 +78,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql([
[],
['word eight', 'word nine', 'word ten'],
@ -109,7 +109,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql([[], ['word eight', 'word nine', 'word ten']]);
});
@ -144,7 +144,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql([[]]);
});
});
@ -164,7 +164,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql([]);
});
@ -183,7 +183,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql([['word one', 'word two', 'word three', 'word four']]);
});
@ -209,7 +209,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql([]);
});
});
@ -230,7 +230,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 3, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql([
[],
['word eight', 'word nine', 'word ten'],
@ -253,7 +253,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql([[], ['word eight', 'word nine', 'word ten']]);
});
@ -272,7 +272,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql([[]]);
});
});
@ -292,7 +292,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql([]);
});
@ -311,7 +311,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql([
['word five', null, 'word six', 'word seven'],
['word one', 'word two', 'word three', 'word four'],
@ -333,7 +333,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql([[]]);
});
});
@ -353,7 +353,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 3, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql([
['word eight', 'word nine', 'word ten'],
['word five', null, 'word six', 'word seven'],
@ -392,7 +392,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 3, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql([
[],
['word eight', 'word nine', 'word ten'],
@ -430,7 +430,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql([
[],
['word eight', 'word nine', 'word ten'],
@ -457,7 +457,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 3, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql([
[],
['word eight', 'word nine', 'word ten'],
@ -484,7 +484,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql([[], ['word eight', 'word nine', 'word ten']]);
});
@ -511,7 +511,7 @@ export default ({ getService }: FtrProviderContext) => {
]);
await waitForRuleSuccessOrStatus(supertest, id);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql([[]]);
});
});
@ -536,7 +536,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql([['word one', 'word two', 'word three', 'word four']]);
});
@ -559,7 +559,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql([['word one', 'word two', 'word three', 'word four']]);
});
@ -582,7 +582,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 2, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql([
['word five', null, 'word six', 'word seven'],
['word one', 'word two', 'word three', 'word four'],
@ -608,7 +608,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 3, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
expect(hits).to.eql([
['word eight', 'word nine', 'word ten'],
['word five', null, 'word six', 'word seven'],

111
x-pack/test/detection_engine_api_integration/security_and_spaces/tests/generating_signals.ts
View file

@ -6,7 +6,7 @@
*/
import expect from '@kbn/expect';
import { orderBy, get } from 'lodash';
import { orderBy, get, omit } from 'lodash';
import {
EqlCreateSchema,
@ -98,7 +98,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsByIds(supertest, [id]);
expect(signalsOpen.hits.hits[0]._source.signal.rule.rule_id).eql(getSimpleRule().rule_id);
expect(signalsOpen.hits.hits[0]._source?.signal.rule.rule_id).eql(getSimpleRule().rule_id);
});
it('should query and get back expected signal structure using a basic KQL query', async () => {
@ -110,8 +110,10 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsByIds(supertest, [id]);
const signal = signalsOpen.hits.hits[0]._source?.signal;
// remove rule to cut down on touch points for test changes when the rule format changes
const { rule: removedRule, ...signalNoRule } = signalsOpen.hits.hits[0]._source.signal;
const signalNoRule = omit(signal, 'rule');
expect(signalNoRule).eql({
parents: [
{
@ -161,8 +163,9 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsByIds(supertest, [id]);
const signal = signalsOpen.hits.hits[0]._source?.signal;
// remove rule to cut down on touch points for test changes when the rule format changes
const { rule: removedRule, ...signalNoRule } = signalsOpen.hits.hits[0]._source.signal;
const signalNoRule = omit(signal, 'rule');
expect(signalNoRule).eql({
parents: [
{
@ -223,8 +226,9 @@ export default ({ getService }: FtrProviderContext) => {
// Get our single signal on top of a signal
const signalsOpen = await getSignalsByRuleIds(supertest, ['signal-on-signal']);
const signal = signalsOpen.hits.hits[0]._source?.signal;
// remove rule to cut down on touch points for test changes when the rule format changes
const { rule: removedRule, ...signalNoRule } = signalsOpen.hits.hits[0]._source.signal;
const signalNoRule = omit(signal, 'rule');
expect(signalNoRule).eql({
parents: [
{
@ -284,6 +288,9 @@ export default ({ getService }: FtrProviderContext) => {
const signals = await getSignalsByIds(supertest, [id]);
expect(signals.hits.hits.length).eql(1);
const fullSignal = signals.hits.hits[0]._source;
if (!fullSignal) {
return expect(fullSignal).to.be.ok();
}
expect(fullSignal).eql({
'@timestamp': fullSignal['@timestamp'],
@ -398,7 +405,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForSignalsToBePresent(supertest, 100, [id]);
const signals = await getSignalsByIds(supertest, [id], 1000);
const filteredSignals = signals.hits.hits.filter(
(signal) => signal._source.signal.depth === 1
(signal) => signal._source?.signal.depth === 1
);
expect(filteredSignals.length).eql(100);
});
@ -415,6 +422,9 @@ export default ({ getService }: FtrProviderContext) => {
const signals = await getSignalsByIds(supertest, [id]);
expect(signals.hits.hits.length).eql(1);
const fullSignal = signals.hits.hits[0]._source;
if (!fullSignal) {
return expect(fullSignal).to.be.ok();
}
expect(fullSignal).eql({
'@timestamp': fullSignal['@timestamp'],
@ -533,11 +543,14 @@ export default ({ getService }: FtrProviderContext) => {
const signals = await getSignalsByIds(supertest, [id]);
const buildingBlock = signals.hits.hits.find(
(signal) =>
signal._source.signal.depth === 1 &&
signal._source?.signal.depth === 1 &&
get(signal._source, 'signal.original_event.category') === 'anomoly'
);
expect(buildingBlock).not.eql(undefined);
const fullSignal = buildingBlock!._source;
const fullSignal = buildingBlock?._source;
if (!fullSignal) {
return expect(fullSignal).to.be.ok();
}
expect(fullSignal).eql({
'@timestamp': fullSignal['@timestamp'],
@ -694,12 +707,15 @@ export default ({ getService }: FtrProviderContext) => {
await waitForSignalsToBePresent(supertest, 3, [id]);
const signalsOpen = await getSignalsByIds(supertest, [id]);
const sequenceSignal = signalsOpen.hits.hits.find(
(signal) => signal._source.signal.depth === 2
(signal) => signal._source?.signal.depth === 2
);
const source = sequenceSignal!._source;
const eventIds = source.signal.parents.map((event) => event.id);
const source = sequenceSignal?._source;
if (!source) {
return expect(source).to.be.ok();
}
const eventIds = source?.signal.parents.map((event) => event.id);
expect(source).eql({
'@timestamp': source['@timestamp'],
'@timestamp': source && source['@timestamp'],
agent: {
ephemeral_id: '1b4978a0-48be-49b1-ac96-323425b389ab',
hostname: 'zeek-sensor-amsterdam',
@ -798,10 +814,10 @@ export default ({ getService }: FtrProviderContext) => {
const signalsOpen = await getSignalsByIds(supertest, [id], 1000);
expect(signalsOpen.hits.hits.length).eql(300);
const shellSignals = signalsOpen.hits.hits.filter(
(signal) => signal._source.signal.depth === 2
(signal) => signal._source?.signal.depth === 2
);
const buildingBlocks = signalsOpen.hits.hits.filter(
(signal) => signal._source.signal.depth === 1
(signal) => signal._source?.signal.depth === 1
);
expect(shellSignals.length).eql(100);
expect(buildingBlocks.length).eql(200);
@ -823,6 +839,9 @@ export default ({ getService }: FtrProviderContext) => {
const signalsOpen = await getSignalsByIds(supertest, [id]);
expect(signalsOpen.hits.hits.length).eql(1);
const fullSignal = signalsOpen.hits.hits[0]._source;
if (!fullSignal) {
return expect(fullSignal).to.be.ok();
}
const eventIds = fullSignal.signal.parents.map((event) => event.id);
expect(fullSignal).eql({
'@timestamp': fullSignal['@timestamp'],
@ -957,6 +976,9 @@ export default ({ getService }: FtrProviderContext) => {
const signalsOpen = await getOpenSignals(supertest, es, createdRule);
expect(signalsOpen.hits.hits.length).eql(1);
const fullSignal = signalsOpen.hits.hits[0]._source;
if (!fullSignal) {
return expect(fullSignal).to.be.ok();
}
const eventIds = fullSignal.signal.parents.map((event) => event.id);
expect(fullSignal).eql({
'@timestamp': fullSignal['@timestamp'],
@ -1035,6 +1057,9 @@ export default ({ getService }: FtrProviderContext) => {
const signalsOpen = await getOpenSignals(supertest, es, createdRule);
expect(signalsOpen.hits.hits.length).eql(1);
const fullSignal = signalsOpen.hits.hits[0]._source;
if (!fullSignal) {
return expect(fullSignal).to.be.ok();
}
const eventIds = fullSignal.signal.parents.map((event) => event.id);
expect(fullSignal).eql({
'@timestamp': fullSignal['@timestamp'],
@ -1132,7 +1157,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsByIds(supertest, [id]);
expect(signalsOpen.hits.hits[0]._source.signal.rule.rule_id).eql(getSimpleRule().rule_id);
expect(signalsOpen.hits.hits[0]._source?.signal.rule.rule_id).eql(getSimpleRule().rule_id);
});
it('should query and get back expected signal structure using a basic KQL query', async () => {
@ -1144,8 +1169,9 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsByIds(supertest, [id]);
const signal = signalsOpen.hits.hits[0]._source?.signal;
// remove rule to cut down on touch points for test changes when the rule format changes
const { rule: removedRule, ...signalNoRule } = signalsOpen.hits.hits[0]._source.signal;
const signalNoRule = omit(signal, 'rule');
expect(signalNoRule).eql({
parents: [
{
@ -1200,8 +1226,9 @@ export default ({ getService }: FtrProviderContext) => {
// Get our single signal on top of a signal
const signalsOpen = await getSignalsByRuleIds(supertest, ['signal-on-signal']);
const signal = signalsOpen.hits.hits[0]._source?.signal;
// remove rule to cut down on touch points for test changes when the rule format changes
const { rule: removedRule, ...signalNoRule } = signalsOpen.hits.hits[0]._source.signal;
const signalNoRule = omit(signal, 'rule');
expect(signalNoRule).eql({
parents: [
@ -1284,7 +1311,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsByIds(supertest, [id]);
expect(signalsOpen.hits.hits[0]._source.signal.rule.rule_id).eql(getSimpleRule().rule_id);
expect(signalsOpen.hits.hits[0]._source?.signal.rule.rule_id).eql(getSimpleRule().rule_id);
});
it('should query and get back expected signal structure using a basic KQL query', async () => {
@ -1296,8 +1323,9 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsByIds(supertest, [id]);
const signal = signalsOpen.hits.hits[0]._source?.signal;
// remove rule to cut down on touch points for test changes when the rule format changes
const { rule: removedRule, ...signalNoRule } = signalsOpen.hits.hits[0]._source.signal;
const signalNoRule = omit(signal, 'rule');
expect(signalNoRule).eql({
parents: [
{
@ -1357,9 +1385,9 @@ export default ({ getService }: FtrProviderContext) => {
// Get our single signal on top of a signal
const signalsOpen = await getSignalsByRuleIds(supertest, ['signal-on-signal']);
const signal = signalsOpen.hits.hits[0]._source?.signal;
// remove rule to cut down on touch points for test changes when the rule format changes
const { rule: removedRule, ...signalNoRule } = signalsOpen.hits.hits[0]._source.signal;
const signalNoRule = omit(signal, 'rule');
expect(signalNoRule).eql({
parents: [
@ -1443,11 +1471,11 @@ export default ({ getService }: FtrProviderContext) => {
expect(signals.length).equal(4);
signals.forEach((s) => {
expect(s.signal.rule.severity).equal('medium');
expect(s.signal.rule.severity_mapping).eql([]);
expect(s?.signal.rule.severity).equal('medium');
expect(s?.signal.rule.severity_mapping).eql([]);
expect(s.signal.rule.risk_score).equal(75);
expect(s.signal.rule.risk_score_mapping).eql([]);
expect(s?.signal.rule.risk_score).equal(75);
expect(s?.signal.rule.risk_score_mapping).eql([]);
});
});
@ -1464,8 +1492,8 @@ export default ({ getService }: FtrProviderContext) => {
const signals = await executeRuleAndGetSignals(rule);
const severities = signals.map((s) => ({
id: s.signal.parent?.id,
value: s.signal.rule.severity,
id: s?.signal.parent?.id,
value: s?.signal.rule.severity,
}));
expect(signals.length).equal(4);
@ -1477,9 +1505,9 @@ export default ({ getService }: FtrProviderContext) => {
]);
signals.forEach((s) => {
expect(s.signal.rule.risk_score).equal(75);
expect(s.signal.rule.risk_score_mapping).eql([]);
expect(s.signal.rule.severity_mapping).eql([
expect(s?.signal.rule.risk_score).equal(75);
expect(s?.signal.rule.risk_score_mapping).eql([]);
expect(s?.signal.rule.severity_mapping).eql([
{ field: 'my_severity', operator: 'equals', value: 'sev_900', severity: 'high' },
{ field: 'my_severity', operator: 'equals', value: 'sev_max', severity: 'critical' },
]);
@ -1498,8 +1526,8 @@ export default ({ getService }: FtrProviderContext) => {
const signals = await executeRuleAndGetSignals(rule);
const riskScores = signals.map((s) => ({
id: s.signal.parent?.id,
value: s.signal.rule.risk_score,
id: s?.signal.parent?.id,
value: s?.signal.rule.risk_score,
}));
expect(signals.length).equal(4);
@ -1511,9 +1539,9 @@ export default ({ getService }: FtrProviderContext) => {
]);
signals.forEach((s) => {
expect(s.signal.rule.severity).equal('medium');
expect(s.signal.rule.severity_mapping).eql([]);
expect(s.signal.rule.risk_score_mapping).eql([
expect(s?.signal.rule.severity).equal('medium');
expect(s?.signal.rule.severity_mapping).eql([]);
expect(s?.signal.rule.risk_score_mapping).eql([
{ field: 'my_risk', operator: 'equals', value: '' },
]);
});
@ -1535,9 +1563,9 @@ export default ({ getService }: FtrProviderContext) => {
const signals = await executeRuleAndGetSignals(rule);
const values = signals.map((s) => ({
id: s.signal.parent?.id,
severity: s.signal.rule.severity,
risk: s.signal.rule.risk_score,
id: s?.signal.parent?.id,
severity: s?.signal.rule.severity,
risk: s?.signal.rule.risk_score,
}));
expect(signals.length).equal(4);
@ -1549,11 +1577,11 @@ export default ({ getService }: FtrProviderContext) => {
]);
signals.forEach((s) => {
expect(s.signal.rule.severity_mapping).eql([
expect(s?.signal.rule.severity_mapping).eql([
{ field: 'my_severity', operator: 'equals', value: 'sev_900', severity: 'high' },
{ field: 'my_severity', operator: 'equals', value: 'sev_max', severity: 'critical' },
]);
expect(s.signal.rule.risk_score_mapping).eql([
expect(s?.signal.rule.risk_score_mapping).eql([
{ field: 'my_risk', operator: 'equals', value: '' },
]);
});
@ -1587,6 +1615,9 @@ export default ({ getService }: FtrProviderContext) => {
const signals = signalsResponse.hits.hits.map((hit) => hit._source);
const signalsOrderedByEventId = orderBy(signals, 'signal.parent.id', 'asc');
const fullSignal = signalsOrderedByEventId[0];
if (!fullSignal) {
return expect(fullSignal).to.be.ok();
}
expect(fullSignal).eql({
'@timestamp': fullSignal['@timestamp'],

6
x-pack/test/detection_engine_api_integration/security_and_spaces/tests/keyword_family/const_keyword.ts
View file

@ -72,7 +72,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForSignalsToBePresent(supertest, 4, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits
.map((hit) => (hit._source.event as EventModule).dataset)
.map((hit) => (hit._source?.event as EventModule).dataset)
.sort();
expect(hits).to.eql([
'dataset_name_1',
@ -108,7 +108,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForSignalsToBePresent(supertest, 4, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits
.map((hit) => (hit._source.event as EventModule).dataset)
.map((hit) => (hit._source?.event as EventModule).dataset)
.sort();
expect(hits).to.eql([
'dataset_name_1',
@ -133,7 +133,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits
.map((hit) => hit._source.signal.threshold_result ?? null)
.map((hit) => hit._source?.signal.threshold_result ?? null)
.sort();
expect(hits).to.eql([
{

6
x-pack/test/detection_engine_api_integration/security_and_spaces/tests/keyword_family/keyword.ts
View file

@ -59,7 +59,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForSignalsToBePresent(supertest, 4, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits
.map((hit) => (hit._source.event as EventModule).dataset)
.map((hit) => (hit._source?.event as EventModule).dataset)
.sort();
expect(hits).to.eql([
'dataset_name_1',
@ -82,7 +82,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForSignalsToBePresent(supertest, 4, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits
.map((hit) => (hit._source.event as EventModule).dataset)
.map((hit) => (hit._source?.event as EventModule).dataset)
.sort();
expect(hits).to.eql([
'dataset_name_1',
@ -107,7 +107,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits
.map((hit) => hit._source.signal.threshold_result ?? null)
.map((hit) => hit._source?.signal.threshold_result ?? null)
.sort();
expect(hits).to.eql([
{

6
x-pack/test/detection_engine_api_integration/security_and_spaces/tests/keyword_family/keyword_mixed_with_const.ts
View file

@ -73,7 +73,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForSignalsToBePresent(supertest, 8, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits
.map((hit) => (hit._source.event as EventModule).dataset)
.map((hit) => (hit._source?.event as EventModule).dataset)
.sort();
expect(hits).to.eql([
'dataset_name_1',
@ -113,7 +113,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForSignalsToBePresent(supertest, 8, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits
.map((hit) => (hit._source.event as EventModule).dataset)
.map((hit) => (hit._source?.event as EventModule).dataset)
.sort();
expect(hits).to.eql([
'dataset_name_1',
@ -146,7 +146,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits
.map((hit) => hit._source.signal.threshold_result ?? null)
.map((hit) => hit._source?.signal.threshold_result ?? null)
.sort();
expect(hits).to.eql([
{

38
x-pack/test/detection_engine_api_integration/security_and_spaces/tests/open_close_signals.ts
View file

@ -6,8 +6,8 @@
*/
import expect from '@kbn/expect';
import type { estypes } from '@elastic/elasticsearch';
import { SearchResponse } from 'elasticsearch';
import { Signal } from '../../../../plugins/security_solution/server/lib/detection_engine/signals/types';
import {
DETECTION_ENGINE_SIGNALS_STATUS_URL,
@ -95,11 +95,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForSignalsToBePresent(supertest, 10, [id]);
const signalsOpen = await getSignalsByIds(supertest, [id]);
const everySignalOpen = signalsOpen.hits.hits.every(
({
_source: {
signal: { status },
},
}) => status === 'open'
(hit) => hit._source?.signal?.status === 'open'
);
expect(everySignalOpen).to.eql(true);
});
@ -123,7 +119,7 @@ export default ({ getService }: FtrProviderContext) => {
const {
body: signalsClosed,
}: { body: SearchResponse<{ signal: Signal }> } = await supertest
}: { body: estypes.SearchResponse<{ signal: Signal }> } = await supertest
.post(DETECTION_ENGINE_QUERY_SIGNALS_URL)
.set('kbn-xsrf', 'true')
.send(getQuerySignalIds(signalIds))
@ -150,18 +146,14 @@ export default ({ getService }: FtrProviderContext) => {
const {
body: signalsClosed,
}: { body: SearchResponse<{ signal: Signal }> } = await supertest
}: { body: estypes.SearchResponse<{ signal: Signal }> } = await supertest
.post(DETECTION_ENGINE_QUERY_SIGNALS_URL)
.set('kbn-xsrf', 'true')
.send(getQuerySignalIds(signalIds))
.expect(200);
const everySignalClosed = signalsClosed.hits.hits.every(
({
_source: {
signal: { status },
},
}) => status === 'closed'
(hit) => hit._source?.signal?.status === 'closed'
);
expect(everySignalClosed).to.eql(true);
});
@ -188,20 +180,16 @@ export default ({ getService }: FtrProviderContext) => {
// to allow a check that the signals were NOT closed with t1 analyst
const {
body: signalsClosed,
}: { body: SearchResponse<{ signal: Signal }> } = await supertest
}: { body: estypes.SearchResponse<{ signal: Signal }> } = await supertest
.post(DETECTION_ENGINE_QUERY_SIGNALS_URL)
.set('kbn-xsrf', 'true')
.send(getQuerySignalIds(signalIds))
.expect(200);
const everySignalOpen = signalsClosed.hits.hits.every(
({
_source: {
signal: { status },
},
}) => status === 'closed'
const everySignalClosed = signalsClosed.hits.hits.every(
(hit) => hit._source?.signal?.status === 'closed'
);
expect(everySignalOpen).to.eql(true);
expect(everySignalClosed).to.eql(true);
await deleteUserAndRole(getService, ROLES.t1_analyst);
});
@ -227,18 +215,14 @@ export default ({ getService }: FtrProviderContext) => {
const {
body: signalsClosed,
}: { body: SearchResponse<{ signal: Signal }> } = await supertest
}: { body: estypes.SearchResponse<{ signal: Signal }> } = await supertest
.post(DETECTION_ENGINE_QUERY_SIGNALS_URL)
.set('kbn-xsrf', 'true')
.send(getQuerySignalIds(signalIds))
.expect(200);
const everySignalClosed = signalsClosed.hits.hits.every(
({
_source: {
signal: { status },
},
}) => status === 'closed'
(hit) => hit._source?.signal?.status === 'closed'
);
expect(everySignalClosed).to.eql(true);

8
x-pack/test/detection_engine_api_integration/security_and_spaces/tests/runtime.ts
View file

@ -47,7 +47,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 4, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((signal) => (signal._source.host as Runtime).name);
const hits = signalsOpen.hits.hits.map((signal) => (signal._source?.host as Runtime).name);
expect(hits).to.eql(['host name 1', 'host name 2', 'host name 3', 'host name 4']);
});
@ -58,7 +58,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForSignalsToBePresent(supertest, 4, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map(
(signal) => (signal._source.host as Runtime).hostname
(signal) => (signal._source?.host as Runtime).hostname
);
expect(hits).to.eql(['host name 1', 'host name 2', 'host name 3', 'host name 4']);
});
@ -91,7 +91,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 4, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map((signal) => signal._source.host);
const hits = signalsOpen.hits.hits.map((signal) => signal._source?.host);
expect(hits).to.eql([
[
{
@ -140,7 +140,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForSignalsToBePresent(supertest, 4, [id]);
const signalsOpen = await getSignalsById(supertest, id);
const hits = signalsOpen.hits.hits.map(
(signal) => (signal._source.host as Runtime).hostname
(signal) => (signal._source?.host as Runtime).hostname
);
expect(hits).to.eql([undefined, undefined, undefined, undefined]);
});

10
x-pack/test/detection_engine_api_integration/security_and_spaces/tests/timestamps.ts
View file

@ -65,7 +65,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsByIds(supertest, [id]);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.signal.original_time).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.signal.original_time).sort();
expect(hits).to.eql(['2021-06-02T23:33:15.000Z']);
});
@ -78,7 +78,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsByIds(supertest, [id]);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.signal.original_time).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.signal.original_time).sort();
expect(hits).to.eql(['2020-12-16T15:16:18.000Z']);
});
});
@ -90,7 +90,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsByIds(supertest, [id]);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.signal.original_time).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.signal.original_time).sort();
expect(hits).to.eql(['2021-06-02T23:33:15.000Z']);
});
@ -103,7 +103,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForRuleSuccessOrStatus(supertest, id);
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsOpen = await getSignalsByIds(supertest, [id]);
const hits = signalsOpen.hits.hits.map((hit) => hit._source.signal.original_time).sort();
const hits = signalsOpen.hits.hits.map((hit) => hit._source?.signal.original_time).sort();
expect(hits).to.eql(['2020-12-16T15:16:18.000Z']);
});
});
@ -215,7 +215,7 @@ export default ({ getService }: FtrProviderContext) => {
await waitForSignalsToBePresent(supertest, 1, [id]);
const signalsResponse = await getSignalsByIds(supertest, [id, id]);
const hits = signalsResponse.hits.hits
.map((hit) => hit._source.signal.original_time)
.map((hit) => hit._source?.signal.original_time)
.sort();
expect(hits).to.eql([undefined]);
});

22
x-pack/test/detection_engine_api_integration/utils.ts
View file

@ -7,11 +7,11 @@
import { KbnClient } from '@kbn/test';
import type { ApiResponse } from '@elastic/elasticsearch';
import { Context } from '@elastic/elasticsearch/lib/Transport';
import type { estypes } from '@elastic/elasticsearch';
import type { KibanaClient } from '@elastic/elasticsearch/api/kibana';
import { SuperTest } from 'supertest';
import supertestAsPromised from 'supertest-as-promised';
import { Context } from '@elastic/elasticsearch/lib/Transport';
import { SearchResponse } from 'elasticsearch';
import type {
ListArray,
NonEmptyEntriesArray,
@ -1079,12 +1079,14 @@ export const getSignalsByRuleIds = async (
supertest: SuperTest<supertestAsPromised.Test>,
ruleIds: string[]
): Promise<
SearchResponse<{
estypes.SearchResponse<{
signal: Signal;
[x: string]: unknown;
}>
> => {
const { body: signalsOpen }: { body: SearchResponse<{ signal: Signal }> } = await supertest
const {
body: signalsOpen,
}: { body: estypes.SearchResponse<{ signal: Signal }> } = await supertest
.post(DETECTION_ENGINE_QUERY_SIGNALS_URL)
.set('kbn-xsrf', 'true')
.send(getQuerySignalsRuleId(ruleIds))
@ -1103,12 +1105,14 @@ export const getSignalsByIds = async (
ids: string[],
size?: number
): Promise<
SearchResponse<{
estypes.SearchResponse<{
signal: Signal;
[x: string]: unknown;
}>
> => {
const { body: signalsOpen }: { body: SearchResponse<{ signal: Signal }> } = await supertest
const {
body: signalsOpen,
}: { body: estypes.SearchResponse<{ signal: Signal }> } = await supertest
.post(DETECTION_ENGINE_QUERY_SIGNALS_URL)
.set('kbn-xsrf', 'true')
.send(getQuerySignalsId(ids, size))
@ -1125,12 +1129,14 @@ export const getSignalsById = async (
supertest: SuperTest<supertestAsPromised.Test>,
id: string
): Promise<
SearchResponse<{
estypes.SearchResponse<{
signal: Signal;
[x: string]: unknown;
}>
> => {
const { body: signalsOpen }: { body: SearchResponse<{ signal: Signal }> } = await supertest
const {
body: signalsOpen,
}: { body: estypes.SearchResponse<{ signal: Signal }> } = await supertest
.post(DETECTION_ENGINE_QUERY_SIGNALS_URL)
.set('kbn-xsrf', 'true')
.send(getQuerySignalsId([id]))