diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/model/rule_assets/prebuilt_rule_asset.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/model/rule_assets/prebuilt_rule_asset.ts index 48f097ac7a860..40a3d048fb518 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/model/rule_assets/prebuilt_rule_asset.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/model/rule_assets/prebuilt_rule_asset.ts @@ -8,7 +8,6 @@ import * as z from 'zod'; import { RequiredFieldArray, - SetupGuide, RuleSignatureId, RuleVersion, BaseCreateProps, @@ -35,6 +34,5 @@ export const PrebuiltRuleAsset = BaseCreateProps.and(TypeSpecificCreateProps).an rule_id: RuleSignatureId, version: RuleVersion, required_fields: RequiredFieldArray.optional(), - setup: SetupGuide.optional(), }) ); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action.ts index fb7543b9fe700..900d5e716addf 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action.ts @@ -140,6 +140,7 @@ export default ({ getService }: FtrProviderContext): void => { { package: 'package-a', version: '^1.2.3' }, { package: 'package-b', integration: 'integration-b', version: '~1.1.1' }, ], + setup: '# some setup markdown', }; const mockRule = getCustomQueryRuleParams(defaultableFields); 
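Review bot: Dropping `setup: SetupGuide.optional()` from the object intersected into `PrebuiltRuleAsset` is only safe if `BaseCreateProps` (or `TypeSpecificCreateProps`) now carries `setup`, which this hunk cannot show; the test changes elsewhere in the commit suggest it moved into the defaultable fields, but that should be pinned. Because zod objects strip unrecognised keys by default, a regression here would not fail validation — the setup guide of a prebuilt rule asset would simply be dropped silently. Consider a schema unit test asserting that `PrebuiltRuleAsset.parse({ ...minimalAsset, setup: '# guide' })` (constructed example) retains `setup`, or at least a comment above the object such as `// 'setup' is provided by BaseCreateProps; do not redeclare it here`. The `PrebuiltRuleAsset` definition starts outside the hunk.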
@@ -314,6 +315,7 @@ export default ({ getService }: FtrProviderContext): void => { const ruleId = 'ruleId'; const ruleToDuplicate = getCustomQueryRuleParams({ rule_id: ruleId, + setup: '# some setup markdown', related_integrations: [ { package: 'package-a', version: '^1.2.3' }, { package: 'package-b', integration: 'integration-b', version: '~1.1.1' }, diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/basic_license_essentials_tier/create_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/basic_license_essentials_tier/create_rules.ts index 6ba0cc273c8c5..f0f6eae7b5da0 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/basic_license_essentials_tier/create_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/basic_license_essentials_tier/create_rules.ts @@ -72,6 +72,7 @@ export default ({ getService }: FtrProviderContext) => { it('should create a rule with defaultable fields', async () => { const expectedRule = getCustomQueryRuleParams({ rule_id: 'rule-1', + setup: '# some setup markdown', related_integrations: [ { package: 'package-a', version: '^1.2.3' }, { package: 'package-b', integration: 'integration-b', version: '~1.1.1' }, diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/basic_license_essentials_tier/create_rules_bulk.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/basic_license_essentials_tier/create_rules_bulk.ts index 17b4ea3e3604e..052841b442f9b 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/basic_license_essentials_tier/create_rules_bulk.ts 
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/basic_license_essentials_tier/create_rules_bulk.ts @@ -10,9 +10,9 @@ import expect from 'expect'; import { EsArchivePathBuilder } from '../../../../../es_archive_path_builder'; import { FtrProviderContext } from '../../../../../ftr_provider_context'; import { + getCustomQueryRuleParams, getSimpleRule, getSimpleRuleOutput, - getCustomQueryRuleParams, getSimpleRuleOutputWithoutRuleId, getSimpleRuleWithoutRuleId, removeServerGeneratedProperties, @@ -71,6 +71,7 @@ export default ({ getService }: FtrProviderContext): void => { it('should create a rule with defaultable fields', async () => { const expectedRule = getCustomQueryRuleParams({ rule_id: 'rule-1', + setup: '# some setup markdown', related_integrations: [ { package: 'package-a', version: '^1.2.3' }, { package: 'package-b', integration: 'integration-b', version: '~1.1.1' }, diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/trial_license_complete_tier/create_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/trial_license_complete_tier/create_rules.ts index 319a4a20c9c96..e6e4e4697d099 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/trial_license_complete_tier/create_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/trial_license_complete_tier/create_rules.ts 
@@ -691,27 +691,5 @@ export default ({ getService }: FtrProviderContext) => { }); }); }); - - describe('setup guide', async () => { - beforeEach(async () => { - await deleteAllAlerts(supertest, log, es); - await deleteAllRules(supertest, log); - }); - - it('creates a rule with a setup guide when setup parameter is present', async () => { - const { body } = await supertest - .post(DETECTION_ENGINE_RULES_URL) - .set('kbn-xsrf', 'true') - .set('elastic-api-version', '2023-10-31') - .send( - getCustomQueryRuleParams({ - setup: 'A setup guide', - }) - ) - .expect(200); - - expect(body.setup).toEqual('A setup guide'); - }); - }); }); }; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/basic_license_essentials_tier/export_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/basic_license_essentials_tier/export_rules.ts index d91c1ab18b44a..c217846af4612 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/basic_license_essentials_tier/export_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/basic_license_essentials_tier/export_rules.ts 
@@ -7,41 +7,28 @@ import expect from 'expect'; -import { DETECTION_ENGINE_RULES_URL } from '@kbn/security-solution-plugin/common/constants'; import { BaseDefaultableFields } from '@kbn/security-solution-plugin/common/api/detection_engine'; import { FtrProviderContext } from '../../../../../ftr_provider_context'; import { binaryToString, getCustomQueryRuleParams } from '../../../utils'; -import { - createRule, - createAlertsIndex, - deleteAllRules, - deleteAllAlerts, -} from '../../../../../../common/utils/security_solution'; +import { deleteAllRules } from '../../../../../../common/utils/security_solution'; export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); - const securitySolutionApi = getService('securitySolutionApi'); const log = getService('log'); - const es = getService('es'); + const securitySolutionApi = getService('securitySolutionApi'); describe('@ess @serverless export_rules', () => { describe('exporting rules', () => { - beforeEach(async () => { - await createAlertsIndex(supertest, log); - }); - afterEach(async () => { - await deleteAllAlerts(supertest, log, es); await deleteAllRules(supertest, log); }); it('should set the response content types to be expected', async () => { - await createRule(supertest, log, getCustomQueryRuleParams()); + const ruleToExport = getCustomQueryRuleParams(); - await supertest - .post(`${DETECTION_ENGINE_RULES_URL}/_export`) - .set('kbn-xsrf', 'true') - .set('elastic-api-version', '2023-10-31') - .send() + await securitySolutionApi.createRule({ body: ruleToExport }); + + await securitySolutionApi + .exportRules({ query: {}, body: null }) .expect(200) .expect('Content-Type', 'application/ndjson') .expect('Content-Disposition', 'attachment; filename="export.ndjson"'); 
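Review bot: The new `await securitySolutionApi.createRule({ body: ruleToExport });` in the content-type test carries no status assertion, whereas the export call that follows checks `.expect(200)`; if creation fails, the test fails later on the export body with a misleading message instead of at the cause. The replaced `createRule(supertest, log, …)` helper presumably asserted the status itself, though that is not visible here. Suggested: `await securitySolutionApi.createRule({ body: ruleToExport }).expect(200);`. The same pattern appears in this file's hunks at -50 and -111 and in import_rules.ts hunks at -318, -350, -370, -400, -435, -479 and -547.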
@@ -50,13 +37,10 @@ export default ({ getService }: FtrProviderContext): void => { it('should export a single rule with a rule_id', async () => { const ruleToExport = getCustomQueryRuleParams(); - await createRule(supertest, log, ruleToExport); + await securitySolutionApi.createRule({ body: ruleToExport }); - const { body } = await supertest - .post(`${DETECTION_ENGINE_RULES_URL}/_export`) - .set('kbn-xsrf', 'true') - .set('elastic-api-version', '2023-10-31') - .send() + const { body } = await securitySolutionApi + .exportRules({ query: {}, body: null }) .expect(200) .parse(binaryToString); @@ -71,6 +55,7 @@ export default ({ getService }: FtrProviderContext): void => { { package: 'package-a', version: '^1.2.3' }, { package: 'package-b', integration: 'integration-b', version: '~1.1.1' }, ], + setup: '# some setup markdown', }; const ruleToExport = getCustomQueryRuleParams(defaultableFields); @@ -87,13 +72,12 @@ export default ({ getService }: FtrProviderContext): void => { }); it('should have export summary reflecting a number of rules', async () => { - await createRule(supertest, log, getCustomQueryRuleParams()); + const ruleToExport = getCustomQueryRuleParams(); + + await securitySolutionApi.createRule({ body: ruleToExport }); - const { body } = await supertest - .post(`${DETECTION_ENGINE_RULES_URL}/_export`) - .set('kbn-xsrf', 'true') - .set('elastic-api-version', '2023-10-31') - .send() + const { body } = await securitySolutionApi + .exportRules({ query: {}, body: null }) .expect(200) .parse(binaryToString); 
@@ -111,14 +95,11 @@ export default ({ getService }: FtrProviderContext): void => { const ruleToExport1 = getCustomQueryRuleParams({ rule_id: 'rule-1' }); const ruleToExport2 = getCustomQueryRuleParams({ rule_id: 'rule-2' }); - await createRule(supertest, log, ruleToExport1); - await createRule(supertest, log, ruleToExport2); + await securitySolutionApi.createRule({ body: ruleToExport1 }); + await securitySolutionApi.createRule({ body: ruleToExport2 }); - const { body } = await supertest - .post(`${DETECTION_ENGINE_RULES_URL}/_export`) - .set('kbn-xsrf', 'true') - .set('elastic-api-version', '2023-10-31') - .send() + const { body } = await securitySolutionApi + .exportRules({ query: {}, body: null }) .expect(200) .parse(binaryToString); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/basic_license_essentials_tier/import_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/basic_license_essentials_tier/import_rules.ts index f4fc373965df9..c0bf497fbd0ca 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/basic_license_essentials_tier/import_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/basic_license_essentials_tier/import_rules.ts 
@@ -7,51 +7,35 @@ import expect from 'expect'; -import { DETECTION_ENGINE_RULES_URL } from '@kbn/security-solution-plugin/common/constants'; import { BaseDefaultableFields } from '@kbn/security-solution-plugin/common/api/detection_engine'; import { FtrProviderContext } from '../../../../../ftr_provider_context'; -import { getCustomQueryRuleParams, combineToNdJson, fetchRule } from '../../../utils'; -import { - createAlertsIndex, - deleteAllRules, - deleteAllAlerts, - createRule, -} from '../../../../../../common/utils/security_solution'; +import { getCustomQueryRuleParams, combineToNdJson } from '../../../utils'; +import { deleteAllRules } from '../../../../../../common/utils/security_solution'; export default ({ getService }: FtrProviderContext): void => { const supertest = getService('supertest'); const securitySolutionApi = getService('securitySolutionApi'); const log = getService('log'); - const es = getService('es'); describe('@ess @serverless import_rules', () => { describe('importing rules with an index', () => { - beforeEach(async () => { - await createAlertsIndex(supertest, log); - }); - afterEach(async () => { - await deleteAllAlerts(supertest, log, es); await deleteAllRules(supertest, log); }); it('should set the response content types to be expected', async () => { const ndjson = combineToNdJson(getCustomQueryRuleParams()); - await supertest - .post(`${DETECTION_ENGINE_RULES_URL}/_import`) - .set('kbn-xsrf', 'true') - .set('elastic-api-version', '2023-10-31') + await securitySolutionApi + .importRules({ query: {} }) .attach('file', Buffer.from(ndjson), 'rules.ndjson') .expect('Content-Type', 'application/json; charset=utf-8') .expect(200); }); it('should reject with an error if the file type is not that of a ndjson', async () => { - const { body } = await supertest - .post(`${DETECTION_ENGINE_RULES_URL}/_import`) - .set('kbn-xsrf', 'true') - .set('elastic-api-version', '2023-10-31') + const { body } = await securitySolutionApi + .importRules({ query: {} 
}) .attach('file', Buffer.from(''), 'rules.txt') .expect(400); @@ -64,10 +48,8 @@ export default ({ getService }: FtrProviderContext): void => { it('should report that it imported a simple rule successfully', async () => { const ndjson = combineToNdJson(getCustomQueryRuleParams()); - const { body } = await supertest - .post(`${DETECTION_ENGINE_RULES_URL}/_import`) - .set('kbn-xsrf', 'true') - .set('elastic-api-version', '2023-10-31') + const { body } = await securitySolutionApi + .importRules({ query: {} }) .attach('file', Buffer.from(ndjson), 'rules.ndjson') .expect(200); @@ -83,14 +65,16 @@ export default ({ getService }: FtrProviderContext): void => { const ruleToImport = getCustomQueryRuleParams({ rule_id: 'rule-to-import' }); const ndjson = combineToNdJson(ruleToImport); - await supertest - .post(`${DETECTION_ENGINE_RULES_URL}/_import`) - .set('kbn-xsrf', 'true') - .set('elastic-api-version', '2023-10-31') + await securitySolutionApi + .importRules({ query: {} }) .attach('file', Buffer.from(ndjson), 'rules.ndjson') .expect(200); - const importedRule = await fetchRule(supertest, { ruleId: 'rule-to-import' }); + const { body: importedRule } = await securitySolutionApi + .readRule({ + query: { rule_id: 'rule-to-import' }, + }) + .expect(200); expect(importedRule).toMatchObject(ruleToImport); }); @@ -103,10 +87,8 @@ export default ({ getService }: FtrProviderContext): void => { }) ); - const { body } = await supertest - .post(`${DETECTION_ENGINE_RULES_URL}/_import`) - .set('kbn-xsrf', 'true') - .set('elastic-api-version', '2023-10-31') + const { body } = await securitySolutionApi + .importRules({ query: {} }) .attach('file', Buffer.from(ndjson), 'rules.ndjson') .expect(200); 
@@ -125,10 +107,8 @@ export default ({ getService }: FtrProviderContext): void => { }) ); - const { body } = await supertest - .post(`${DETECTION_ENGINE_RULES_URL}/_import`) - .set('kbn-xsrf', 'true') - .set('elastic-api-version', '2023-10-31') + const { body } = await securitySolutionApi + .importRules({ query: {} }) .attach('file', Buffer.from(ndjson), 'rules.ndjson') .expect(200); @@ -139,6 +119,7 @@ export default ({ getService }: FtrProviderContext): void => { it('should be able to import rules with defaultable fields', async () => { const defaultableFields: BaseDefaultableFields = { + setup: '# some setup markdown', related_integrations: [ { package: 'package-a', version: '^1.2.3' }, { package: 'package-b', integration: 'integration-b', version: '~1.1.1' }, @@ -174,10 +155,8 @@ export default ({ getService }: FtrProviderContext): void => { }) ); - const { body } = await supertest - .post(`${DETECTION_ENGINE_RULES_URL}/_import`) - .set('kbn-xsrf', 'true') - .set('elastic-api-version', '2023-10-31') + const { body } = await securitySolutionApi + .importRules({ query: {} }) .attach('file', Buffer.from(ndjson), 'rules.ndjson') .expect(200); @@ -201,10 +180,8 @@ export default ({ getService }: FtrProviderContext): void => { }) ) ); - const { body } = await supertest - .post(`${DETECTION_ENGINE_RULES_URL}/_import`) - .set('kbn-xsrf', 'true') - .set('elastic-api-version', '2023-10-31') + const { body } = await securitySolutionApi + .importRules({ query: {} }) .attach('file', Buffer.from(ndjson), 'rules.ndjson') .expect(200); @@ -242,10 +219,8 @@ export default ({ getService }: FtrProviderContext): void => { ) ); - const { body } = await supertest - .post(`${DETECTION_ENGINE_RULES_URL}/_import`) - .set('kbn-xsrf', 'true') - .set('elastic-api-version', '2023-10-31') + const { body } = await securitySolutionApi + .importRules({ query: {} }) .attach('file', Buffer.from(ndjson), 'rules.ndjson') .expect(500); 
@@ -265,10 +240,8 @@ export default ({ getService }: FtrProviderContext): void => { }) ); - const { body } = await supertest - .post(`${DETECTION_ENGINE_RULES_URL}/_import`) - .set('kbn-xsrf', 'true') - .set('elastic-api-version', '2023-10-31') + const { body } = await securitySolutionApi + .importRules({ query: {} }) .attach('file', Buffer.from(ndjson), 'rules.ndjson') .expect(200); @@ -298,10 +271,8 @@ export default ({ getService }: FtrProviderContext): void => { }) ); - const { body } = await supertest - .post(`${DETECTION_ENGINE_RULES_URL}/_import?overwrite=true`) - .set('kbn-xsrf', 'true') - .set('elastic-api-version', '2023-10-31') + const { body } = await securitySolutionApi + .importRules({ query: { overwrite: true } }) .attach('file', Buffer.from(ndjson), 'rules.ndjson') .expect(200); @@ -318,14 +289,12 @@ export default ({ getService }: FtrProviderContext): void => { rule_id: 'rule-1', }); - await createRule(supertest, log, ruleToImport); + await securitySolutionApi.createRule({ body: ruleToImport }); const ndjson = combineToNdJson(ruleToImport); - const { body } = await supertest - .post(`${DETECTION_ENGINE_RULES_URL}/_import`) - .set('kbn-xsrf', 'true') - .set('elastic-api-version', '2023-10-31') + const { body } = await securitySolutionApi + .importRules({ query: {} }) .attach('file', Buffer.from(ndjson), 'rules.ndjson') .expect(200); @@ -350,14 +319,12 @@ export default ({ getService }: FtrProviderContext): void => { rule_id: 'rule-1', }); - await createRule(supertest, log, ruleToImport); + await securitySolutionApi.createRule({ body: ruleToImport }); const ndjson = combineToNdJson(ruleToImport); - const { body } = await supertest - .post(`${DETECTION_ENGINE_RULES_URL}/_import?overwrite=true`) - .set('kbn-xsrf', 'true') - .set('elastic-api-version', '2023-10-31') + const { body } = await securitySolutionApi + .importRules({ query: { overwrite: true } }) .attach('file', Buffer.from(ndjson), 'rules.ndjson') .expect(200); 
@@ -370,13 +337,11 @@ export default ({ getService }: FtrProviderContext): void => { }); it('should overwrite an existing rule if overwrite is set to true', async () => { - await createRule( - supertest, - log, - getCustomQueryRuleParams({ - rule_id: 'rule-to-overwrite', - }) - ); + const ruleToImport = getCustomQueryRuleParams({ + rule_id: 'rule-to-overwrite', + }); + + await securitySolutionApi.createRule({ body: ruleToImport }); const ndjson = combineToNdJson( getCustomQueryRuleParams({ @@ -385,14 +350,16 @@ export default ({ getService }: FtrProviderContext): void => { }) ); - await supertest - .post(`${DETECTION_ENGINE_RULES_URL}/_import?overwrite=true`) - .set('kbn-xsrf', 'true') - .set('elastic-api-version', '2023-10-31') + await securitySolutionApi + .importRules({ query: { overwrite: true } }) .attach('file', Buffer.from(ndjson), 'rules.ndjson') .expect(200); - const importedRule = await fetchRule(supertest, { ruleId: 'rule-to-overwrite' }); + const { body: importedRule } = await securitySolutionApi + .readRule({ + query: { rule_id: 'rule-to-overwrite' }, + }) + .expect(200); expect(importedRule).toMatchObject({ name: 'some other name', @@ -400,15 +367,17 @@ export default ({ getService }: FtrProviderContext): void => { }); it('should bump a revision when overwriting a rule', async () => { - await createRule( - supertest, - log, - getCustomQueryRuleParams({ - rule_id: 'rule-to-overwrite', - }) - ); + const ruleToImport = getCustomQueryRuleParams({ + rule_id: 'rule-to-overwrite', + }); - const ruleBeforeOverwriting = await fetchRule(supertest, { ruleId: 'rule-to-overwrite' }); + await securitySolutionApi.createRule({ body: ruleToImport }); + + const { body: ruleBeforeOverwriting } = await securitySolutionApi + .readRule({ + query: { rule_id: 'rule-to-overwrite' }, + }) + .expect(200); const ndjson = combineToNdJson( getCustomQueryRuleParams({ 
@@ -417,14 +386,16 @@ export default ({ getService }: FtrProviderContext): void => { }) ); - await supertest - .post(`${DETECTION_ENGINE_RULES_URL}/_import?overwrite=true`) - .set('kbn-xsrf', 'true') - .set('elastic-api-version', '2023-10-31') + await securitySolutionApi + .importRules({ query: { overwrite: true } }) .attach('file', Buffer.from(ndjson), 'rules.ndjson') .expect(200); - const ruleAfterOverwriting = await fetchRule(supertest, { ruleId: 'rule-to-overwrite' }); + const { body: ruleAfterOverwriting } = await securitySolutionApi + .readRule({ + query: { rule_id: 'rule-to-overwrite' }, + }) + .expect(200); expect(ruleBeforeOverwriting).toMatchObject({ revision: 0, @@ -435,13 +406,11 @@ export default ({ getService }: FtrProviderContext): void => { }); it('should report a conflict if there is an attempt to import a rule with a rule_id that already exists, but still have some successes with other rules', async () => { - await createRule( - supertest, - log, - getCustomQueryRuleParams({ - rule_id: 'existing-rule', - }) - ); + const ruleToImport = getCustomQueryRuleParams({ + rule_id: 'existing-rule', + }); + + await securitySolutionApi.createRule({ body: ruleToImport }); const ndjson = combineToNdJson( getCustomQueryRuleParams({ @@ -455,10 +424,8 @@ export default ({ getService }: FtrProviderContext): void => { }) ); - const { body } = await supertest - .post(`${DETECTION_ENGINE_RULES_URL}/_import`) - .set('kbn-xsrf', 'true') - .set('elastic-api-version', '2023-10-31') + const { body } = await securitySolutionApi + .importRules({ query: {} }) .attach('file', Buffer.from(ndjson), 'rules.ndjson') .expect(200); 
@@ -479,20 +446,16 @@ export default ({ getService }: FtrProviderContext): void => { }); it('should report a mix of conflicts and a mix of successes', async () => { - await createRule( - supertest, - log, - getCustomQueryRuleParams({ + await securitySolutionApi.createRule({ + body: getCustomQueryRuleParams({ rule_id: 'existing-rule-1', - }) - ); - await createRule( - supertest, - log, - getCustomQueryRuleParams({ + }), + }); + await securitySolutionApi.createRule({ + body: getCustomQueryRuleParams({ rule_id: 'existing-rule-2', - }) - ); + }), + }); const ndjson = combineToNdJson( getCustomQueryRuleParams({ @@ -506,10 +469,8 @@ export default ({ getService }: FtrProviderContext): void => { }) ); - const { body } = await supertest - .post(`${DETECTION_ENGINE_RULES_URL}/_import`) - .set('kbn-xsrf', 'true') - .set('elastic-api-version', '2023-10-31') + const { body } = await securitySolutionApi + .importRules({ query: {} }) .attach('file', Buffer.from(ndjson), 'rules.ndjson') .expect(200); 
@@ -547,21 +508,33 @@ export default ({ getService }: FtrProviderContext): void => { rule_id: 'non-existing-rule', }); - await createRule(supertest, log, existingRule1); - await createRule(supertest, log, existingRule2); + await securitySolutionApi.createRule({ body: existingRule1 }); + await securitySolutionApi.createRule({ body: existingRule2 }); const ndjson = combineToNdJson(existingRule1, existingRule2, ruleToImportSuccessfully); - await supertest - .post(`${DETECTION_ENGINE_RULES_URL}/_import`) - .set('kbn-xsrf', 'true') - .set('elastic-api-version', '2023-10-31') + await securitySolutionApi + .importRules({ query: {} }) .attach('file', Buffer.from(ndjson), 'rules.ndjson') .expect(200); - const rule1 = await fetchRule(supertest, { ruleId: 'existing-rule-1' }); - const rule2 = await fetchRule(supertest, { ruleId: 'existing-rule-2' }); - const rule3 = await fetchRule(supertest, { ruleId: 'non-existing-rule' }); + const { body: rule1 } = await securitySolutionApi + .readRule({ + query: { rule_id: 'existing-rule-1' }, + }) + .expect(200); + + const { body: rule2 } = await securitySolutionApi + .readRule({ + query: { rule_id: 'existing-rule-2' }, + }) + .expect(200); + + const { body: rule3 } = await securitySolutionApi + .readRule({ + query: { rule_id: 'non-existing-rule' }, + }) + .expect(200); expect(rule1).toMatchObject(existingRule1); expect(rule2).toMatchObject(existingRule2); diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/basic_license_essentials_tier/patch_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/basic_license_essentials_tier/patch_rules.ts index 27990708215d3..2dc21264ef66c 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/basic_license_essentials_tier/patch_rules.ts 
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/basic_license_essentials_tier/patch_rules.ts @@ -63,6 +63,7 @@ export default ({ getService }: FtrProviderContext) => { it('should patch defaultable fields', async () => { const expectedRule = getCustomQueryRuleParams({ rule_id: 'rule-1', + setup: '# some setup markdown', related_integrations: [ { package: 'package-a', version: '^1.2.3' }, { package: 'package-b', integration: 'integration-b', version: '~1.1.1' }, @@ -77,6 +78,7 @@ export default ({ getService }: FtrProviderContext) => { .patchRule({ body: { rule_id: 'rule-1', + setup: expectedRule.setup, related_integrations: expectedRule.related_integrations, }, }) diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/basic_license_essentials_tier/patch_rules_bulk.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/basic_license_essentials_tier/patch_rules_bulk.ts index ef3c944bf9931..020d9c0e62b3f 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/basic_license_essentials_tier/patch_rules_bulk.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/basic_license_essentials_tier/patch_rules_bulk.ts @@ -62,6 +62,7 @@ export default ({ getService }: FtrProviderContext) => { it('should patch defaultable fields', async () => { const expectedRule = getCustomQueryRuleParams({ rule_id: 'rule-1', + setup: '# some setup markdown', related_integrations: [ { package: 'package-a', version: '^1.2.3' }, { package: 'package-b', integration: 'integration-b', version: '~1.1.1' }, @@ -77,6 +78,7 @@ export default ({ getService }: FtrProviderContext) => { body: [ { rule_id: 'rule-1', + setup: expectedRule.setup, related_integrations: expectedRule.related_integrations, }, ], 
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/trial_license_complete_tier/patch_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/trial_license_complete_tier/patch_rules.ts index 8256b7734463f..4a69f208c3bd5 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/trial_license_complete_tier/patch_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_patch/trial_license_complete_tier/patch_rules.ts @@ -656,37 +656,5 @@ export default ({ getService }: FtrProviderContext) => { }); }); }); - - describe('setup guide', () => { - beforeEach(async () => { - await createAlertsIndex(supertest, log); - }); - - afterEach(async () => { - await deleteAllAlerts(supertest, log, es); - await deleteAllRules(supertest, log); - }); - - it('should overwrite setup field on patch', async () => { - await createRule(supertest, log, { - ...getSimpleRule('rule-1'), - setup: 'A setup guide', - }); - - const rulePatch = { - rule_id: 'rule-1', - setup: 'A different setup guide', - }; - - const { body } = await supertest - .patch(DETECTION_ENGINE_RULES_URL) - .set('kbn-xsrf', 'true') - .set('elastic-api-version', '2023-10-31') - .send(rulePatch) - .expect(200); - - expect(body.setup).to.eql('A different setup guide'); - }); - }); }); }; diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/basic_license_essentials_tier/update_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/basic_license_essentials_tier/update_rules.ts index 08dfdac9a7e82..abd486b1e080e 100644 
--- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/basic_license_essentials_tier/update_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/basic_license_essentials_tier/update_rules.ts @@ -68,6 +68,7 @@ export default ({ getService }: FtrProviderContext) => { it('should update a rule with defaultable fields', async () => { const expectedRule = getCustomQueryRuleParams({ rule_id: 'rule-1', + setup: '# some setup markdown', related_integrations: [ { package: 'package-a', version: '^1.2.3' }, { package: 'package-b', integration: 'integration-b', version: '~1.1.1' }, diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/basic_license_essentials_tier/update_rules_bulk.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/basic_license_essentials_tier/update_rules_bulk.ts index d28d9efd41350..b73b8c0be95cc 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/basic_license_essentials_tier/update_rules_bulk.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/basic_license_essentials_tier/update_rules_bulk.ts @@ -67,6 +67,7 @@ export default ({ getService }: FtrProviderContext) => { it('should update a rule with defaultable fields', async () => { const expectedRule = getCustomQueryRuleParams({ rule_id: 'rule-1', + setup: '# some setup markdown', related_integrations: [ { package: 'package-a', version: '^1.2.3' }, { package: 'package-b', integration: 'integration-b', version: '~1.1.1' }, 
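Review bot: The `setup` value added to `expectedRule` here is only verified if the assertion later in this test (outside the hunk) compares the full rule rather than just `related_integrations`; that should be checked when applying the change. Separately, the trial-tier case `'should reset setup field to empty string on unset'` is deleted in this commit, and no added test visible in the diff re-asserts that an update omitting `setup` yields `''`. Unless a generic defaultable-fields test covers that default elsewhere, consider adding a case in this describe block that updates `rule-1` without `setup` and asserts `expect(body.setup).toEqual('')`. The same `expectedRule` change is made in update_rules_bulk.ts in the next hunk.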
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/trial_license_complete_tier/update_rules.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/trial_license_complete_tier/update_rules.ts index d905c57aa4a2f..6d120a7944759 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/trial_license_complete_tier/update_rules.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_update/trial_license_complete_tier/update_rules.ts @@ -757,40 +757,6 @@ export default ({ getService }: FtrProviderContext) => { expect(body.investigation_fields).to.eql(undefined); }); }); - - describe('setup guide', () => { - it('should overwrite setup value on update', async () => { - await createRule(supertest, log, { - ...getSimpleRule('rule-1'), - setup: 'A setup guide', - }); - - const ruleUpdate = { - ...getSimpleRuleUpdate('rule-1'), - setup: 'A different setup guide', - }; - - const { body } = await securitySolutionApi.updateRule({ body: ruleUpdate }).expect(200); - - expect(body.setup).to.eql('A different setup guide'); - }); - - it('should reset setup field to empty string on unset', async () => { - await createRule(supertest, log, { - ...getSimpleRule('rule-1'), - setup: 'A setup guide', - }); - - const ruleUpdate = { - ...getSimpleRuleUpdate('rule-1'), - setup: undefined, - }; - - const { body } = await securitySolutionApi.updateRule({ body: ruleUpdate }).expect(200); - - expect(body.setup).to.eql(''); - }); - }); }); }); }; diff --git a/x-pack/test/security_solution_cypress/cypress/data/detection_engine.ts b/x-pack/test/security_solution_cypress/cypress/data/detection_engine.ts index f50f2478537f4..60ebea7632b50 100644 --- a/x-pack/test/security_solution_cypress/cypress/data/detection_engine.ts 
+++ b/x-pack/test/security_solution_cypress/cypress/data/detection_engine.ts @@ -25,6 +25,7 @@ import type { RuleName, RuleReferenceArray, RuleTagArray, + SetupGuide, } from '@kbn/security-solution-plugin/common/api/detection_engine'; interface RuleFields { @@ -44,6 +45,7 @@ interface RuleFields { threat: Threat; threatSubtechnique: ThreatSubtechnique; threatTechnique: ThreatTechnique; + setup: SetupGuide; } export const ruleFields: RuleFields = { @@ -60,6 +62,7 @@ export const ruleFields: RuleFields = { ], falsePositives: ['False1', 'False2'], investigationGuide: '# test markdown', + setup: '# test setup markdown', investigationFields: { field_names: ['agent.hostname'], }, diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/common_flows.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/common_flows.cy.ts index a5903af58f1ee..c718930cdf71e 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/common_flows.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/common_flows.cy.ts @@ -15,7 +15,11 @@ import { RULE_NAME_INPUT, SCHEDULE_CONTINUE_BUTTON, } from '../../../../screens/create_new_rule'; -import { RULE_NAME_HEADER } from '../../../../screens/rule_details'; +import { + DESCRIPTION_SETUP_GUIDE_BUTTON, + DESCRIPTION_SETUP_GUIDE_CONTENT, + RULE_NAME_HEADER, +} from '../../../../screens/rule_details'; import { createTimeline } from '../../../../tasks/api_calls/timelines'; import { deleteAlertsAndRules } from '../../../../tasks/api_calls/common'; import { @@ -31,6 +35,7 @@ import { fillRiskScore, fillRuleName, fillRuleTags, + fillSetup, fillSeverity, fillThreat, fillThreatSubtechnique, 
@@ -77,6 +82,7 @@ describe('Common rule creation flows', { tags: ['@ess', '@serverless'] }, () =>
 fillThreatSubtechnique();
 fillCustomInvestigationFields();
 fillNote();
+ fillSetup();
 cy.get(ABOUT_CONTINUE_BTN).click();
 cy.log('Filling schedule section');
@@ -97,5 +103,8 @@ describe('Common rule creation flows', { tags: ['@ess', '@serverless'] }, () =>
 // UI redirects to rule creation page of a created rule
 cy.get(RULE_NAME_HEADER).should('contain', ruleFields.ruleName);
+
+ cy.get(DESCRIPTION_SETUP_GUIDE_BUTTON).click();
+ cy.get(DESCRIPTION_SETUP_GUIDE_CONTENT).should('contain', 'test setup markdown'); // Markdown formatting should be removed
 });
 });
diff --git a/x-pack/test/security_solution_cypress/cypress/screens/create_new_rule.ts b/x-pack/test/security_solution_cypress/cypress/screens/create_new_rule.ts
index bf88869973cee..d9b70b1ddd4e4 100644
--- a/x-pack/test/security_solution_cypress/cypress/screens/create_new_rule.ts
+++ b/x-pack/test/security_solution_cypress/cypress/screens/create_new_rule.ts
@@ -135,6 +135,8 @@ export const INPUT = '[data-test-subj="input"]';
 export const INVESTIGATION_NOTES_TEXTAREA =
 '[data-test-subj="detectionEngineStepAboutRuleNote"] textarea';
+export const SETUP_GUIDE_TEXTAREA = '[data-test-subj="detectionEngineStepAboutRuleSetup"] textarea';
+
 export const FALSE_POSITIVES_INPUT =
 '[data-test-subj="detectionEngineStepAboutRuleFalsePositives"] input';
diff --git a/x-pack/test/security_solution_cypress/cypress/screens/rule_details.ts b/x-pack/test/security_solution_cypress/cypress/screens/rule_details.ts
index b8c524b0084ce..904baa6c29669 100644
--- a/x-pack/test/security_solution_cypress/cypress/screens/rule_details.ts
+++ b/x-pack/test/security_solution_cypress/cypress/screens/rule_details.ts
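Review bot: The `should('contain', 'test setup markdown')` assertion on `DESCRIPTION_SETUP_GUIDE_CONTENT` does not check what its trailing comment claims, because a substring match also passes if the panel shows the literal `# test setup markdown` with the heading marker still present. To actually pin that the markdown was rendered away, add a negative check next to it, `cy.get(DESCRIPTION_SETUP_GUIDE_CONTENT).should('not.contain', '#');`, assuming nothing else in that panel legitimately carries a `#`. The expected text is also hard-coded while the input comes from `ruleFields.setup`, so the two can drift; deriving the expectation from `ruleFields.setup` (for example `ruleFields.setup.replace(/^#\s*/, '')`) ties them together. The `it` block these lines belong to starts outside the hunk.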
@@ -153,3 +153,7 @@ export const ALERT_SUPPRESSION_INSUFFICIENT_LICENSING_ICON =
 export const HIGHLIGHTED_ROWS_IN_TABLE =
 '[data-test-subj="euiDataGridBody"] .alertsTableHighlightedRow';
+
+export const DESCRIPTION_SETUP_GUIDE_BUTTON = '[data-test-subj="stepAboutDetailsToggle-setup"]';
+
+export const DESCRIPTION_SETUP_GUIDE_CONTENT = '[data-test-subj="stepAboutDetailsSetupContent"]';
diff --git a/x-pack/test/security_solution_cypress/cypress/tasks/create_new_rule.ts b/x-pack/test/security_solution_cypress/cypress/tasks/create_new_rule.ts
index f40cecee5a981..aa97035eddc47 100644
--- a/x-pack/test/security_solution_cypress/cypress/tasks/create_new_rule.ts
+++ b/x-pack/test/security_solution_cypress/cypress/tasks/create_new_rule.ts
@@ -125,6 +125,7 @@ import {
 ALERTS_INDEX_BUTTON,
 INVESTIGATIONS_INPUT,
 QUERY_BAR_ADD_FILTER,
+ SETUP_GUIDE_TEXTAREA,
 RELATED_INTEGRATION_COMBO_BOX_INPUT,
 } from '../screens/create_new_rule';
 import {
@@ -204,6 +205,13 @@ export const fillNote = (note: string = ruleFields.investigationGuide) => {
 return note;
 };
+export const fillSetup = (setup: string = ruleFields.setup) => {
+ cy.get(SETUP_GUIDE_TEXTAREA).clear({ force: true });
+ cy.get(SETUP_GUIDE_TEXTAREA).type(setup);
+
+ return setup;
+};
+
 export const fillMitre = (mitreAttacks: Threat[]) => {
 let techniqueIndex = 0;
 let subtechniqueInputIndex = 0;
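Review bot: `cy.get(SETUP_GUIDE_TEXTAREA).type(setup)` in the new `fillSetup` lets Cypress treat any `{...}` in the typed string as a special key sequence, so a caller passing setup markdown that contains braces (a fenced config snippet, for instance) would not get its text entered verbatim; pass `cy.get(SETUP_GUIDE_TEXTAREA).type(setup, { parseSpecialCharSequences: false });` so the guide is typed as-is. The default `ruleFields.setup` value has no braces, which is why the new flow in `common_flows.cy.ts` does not trip over this today. `.clear({ force: true })` also bypasses Cypress actionability checks on the textarea and can hide a field that is not actually visible or enabled; this may mirror `fillNote`, whose body is outside the hunk, but if `force` is not needed there either, dropping it keeps the helper from masking a broken form.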
