[SIEM] Covers 'Import query from saved timeline' functionality with Cypress (#67459)

* modifies 'Creates and activates a new custom rule' test to cover 'import query from saved timeline' functionality * adds missing files Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-05-30 09:51:07 +02:00 · 2020-05-30 09:51:07 +02:00 · 96ef01828c
commit 96ef01828c
parent d0aeadf13e
8 changed files with 8012 additions and 6 deletions
--- a/x-pack/plugins/siem/cypress/integration/signal_detection_rules_custom.spec.ts
+++ b/x-pack/plugins/siem/cypress/integration/signal_detection_rules_custom.spec.ts
@ -41,7 +41,7 @@ import {
 import {
  createAndActivateRule,
  fillAboutRuleAndContinue,
-  fillDefineCustomRuleAndContinue,
+  fillDefineCustomRuleWithImportedQueryAndContinue,
 } from '../tasks/create_new_rule';
 import {
  goToManageSignalDetectionRules,
@ -66,11 +66,11 @@ import { DETECTIONS } from '../urls/navigation';

 describe('Signal detection rules, custom', () => {
  before(() => {
-    esArchiverLoad('prebuilt_rules_loaded');
+    esArchiverLoad('custom_rule_with_timeline');
  });

  after(() => {
-    esArchiverUnload('prebuilt_rules_loaded');
+    esArchiverUnload('custom_rule_with_timeline');
  });

  it('Creates and activates a new custom rule', () => {
@ -80,7 +80,7 @@ describe('Signal detection rules, custom', () => {
    goToManageSignalDetectionRules();
    waitForLoadElasticPrebuiltDetectionRulesTableToBeLoaded();
    goToCreateNewRule();
-    fillDefineCustomRuleAndContinue(newRule);
+    fillDefineCustomRuleWithImportedQueryAndContinue(newRule);
    fillAboutRuleAndContinue(newRule);
    createAndActivateRule();

--- a/x-pack/plugins/siem/cypress/objects/rule.ts
+++ b/x-pack/plugins/siem/cypress/objects/rule.ts
@ -28,6 +28,7 @@ export interface CustomRule {
  falsePositivesExamples: string[];
  mitre: Mitre[];
  note: string;
+  timelineId: string;
 }

 export interface MachineLearningRule {
@ -56,7 +57,7 @@ const mitre2: Mitre = {
 };

 export const newRule: CustomRule = {
-  customQuery: 'hosts.name: *',
+  customQuery: 'host.name: *',
  name: 'New Rule Test',
  description: 'The new rule description.',
  severity: 'High',
@ -66,6 +67,7 @@ export const newRule: CustomRule = {
  falsePositivesExamples: ['False1', 'False2'],
  mitre: [mitre1, mitre2],
  note: '# test markdown',
+  timelineId: '352c6110-9ffb-11ea-b3d8-857d6042d9bd',
 };

 export const machineLearningRule: MachineLearningRule = {
--- a/x-pack/plugins/siem/cypress/screens/create_new_rule.ts
+++ b/x-pack/plugins/siem/cypress/screens/create_new_rule.ts
@ -24,6 +24,9 @@ export const CUSTOM_QUERY_INPUT = '[data-test-subj="queryInput"]';

 export const DEFINE_CONTINUE_BUTTON = '[data-test-subj="define-continue"]';

+export const IMPORT_QUERY_FROM_SAVED_TIMELINE_LINK =
+  '[data-test-subj="importQueryFromSavedTimeline"]';
+
 export const INVESTIGATION_NOTES_TEXTAREA =
  '[data-test-subj="detectionEngineStepAboutRuleNote"] textarea';

--- a/x-pack/plugins/siem/cypress/screens/timeline.ts
+++ b/x-pack/plugins/siem/cypress/screens/timeline.ts
@ -21,6 +21,10 @@ export const SEARCH_OR_FILTER_CONTAINER =

 export const SERVER_SIDE_EVENT_COUNT = '[data-test-subj="server-side-event-count"]';

+export const TIMELINE = (id: string) => {
+  return `[data-test-subj="title-${id}"]`;
+};
+
 export const TIMELINE_DATA_PROVIDERS = '[data-test-subj="dataProviders"]';

 export const TIMELINE_DATA_PROVIDERS_EMPTY =
--- a/x-pack/plugins/siem/cypress/tasks/create_new_rule.ts
+++ b/x-pack/plugins/siem/cypress/tasks/create_new_rule.ts
@ -14,6 +14,7 @@ import {
  CUSTOM_QUERY_INPUT,
  DEFINE_CONTINUE_BUTTON,
  FALSE_POSITIVES_INPUT,
+  IMPORT_QUERY_FROM_SAVED_TIMELINE_LINK,
  INVESTIGATION_NOTES_TEXTAREA,
  MACHINE_LEARNING_DROPDOWN,
  MACHINE_LEARNING_LIST,
@ -30,6 +31,7 @@ import {
  SEVERITY_DROPDOWN,
  TAGS_INPUT,
 } from '../screens/create_new_rule';
+import { TIMELINE } from '../screens/timeline';

 export const createAndActivateRule = () => {
  cy.get(SCHEDULE_CONTINUE_BUTTON).click({ force: true });
@ -86,6 +88,15 @@ export const fillDefineCustomRuleAndContinue = (rule: CustomRule) => {
  cy.get(CUSTOM_QUERY_INPUT).should('not.exist');
 };

+export const fillDefineCustomRuleWithImportedQueryAndContinue = (rule: CustomRule) => {
+  cy.get(IMPORT_QUERY_FROM_SAVED_TIMELINE_LINK).click();
+  cy.get(TIMELINE(rule.timelineId)).click();
+  cy.get(CUSTOM_QUERY_INPUT).should('have.attr', 'value', rule.customQuery);
+  cy.get(DEFINE_CONTINUE_BUTTON).should('exist').click({ force: true });
+
+  cy.get(CUSTOM_QUERY_INPUT).should('not.exist');
+};
+
 export const fillDefineMachineLearningRuleAndContinue = (rule: MachineLearningRule) => {
  cy.get(MACHINE_LEARNING_DROPDOWN).click({ force: true });
  cy.contains(MACHINE_LEARNING_LIST, rule.machineLearningJob).click();
--- a/x-pack/plugins/siem/public/alerts/components/rules/step_define_rule/index.tsx
+++ b/x-pack/plugins/siem/public/alerts/components/rules/step_define_rule/index.tsx
@ -203,7 +203,10 @@ const StepDefineRuleComponent: FC<StepDefineRuleProps> = ({
                config={{
                  ...schema.queryBar,
                  labelAppend: (
-                    <MyLabelButton onClick={handleOpenTimelineSearch}>
+                    <MyLabelButton
+                      data-test-subj="importQueryFromSavedTimeline"
+                      onClick={handleOpenTimelineSearch}
+                    >
                      {i18n.IMPORT_TIMELINE_QUERY}
                    </MyLabelButton>
                  ),
--- a/x-pack/test/siem_cypress/es_archives/custom_rule_with_timeline/data.json.gz
+++ b/x-pack/test/siem_cypress/es_archives/custom_rule_with_timeline/data.json.gz
--- a/x-pack/test/siem_cypress/es_archives/custom_rule_with_timeline/mappings.json
+++ b/x-pack/test/siem_cypress/es_archives/custom_rule_with_timeline/mappings.json