[Security Solution] migrate Threat Intelligence Cypress tests into se…

…curity_solution_cypress folder (elastic#191162)
pgayvallet · Sep 11, 2024 · c6a12be · c6a12be
1 parent 034625a
commit c6a12be
Show file tree

Hide file tree

Showing 32 changed files with 11,920 additions and 3 deletions.
diff --git a/x-pack/plugins/threat_intelligence/kibana.jsonc b/x-pack/plugins/threat_intelligence/kibana.jsonc
@@ -11,11 +11,12 @@
       "cases",
       "data",
       "dataViews",
+      "inspector",
+      "kibanaReact",
       "kibanaUtils",
       "navigation",
-      "kibanaReact",
-      "triggersActionsUi",
-      "inspector"
+      "security",
+      "triggersActionsUi"
     ],
     "requiredBundles": [
       "data",

diff --git a/...security_solution_cypress/cypress/e2e/investigations/threat_intelligence/block_list.cy.ts b/...security_solution_cypress/cypress/e2e/investigations/threat_intelligence/block_list.cy.ts
@@ -0,0 +1,112 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { visitWithTimeRange } from '../../../tasks/navigation';
+import {
+  closeFlyout,
+  navigateToThreatIntelligence,
+  openFlyout,
+  openFlyoutTakeAction,
+  openIndicatorsTableMoreActions,
+  waitForViewToBeLoaded,
+} from '../../../tasks/threat_intelligence/common';
+import {
+  fillBlocklistForm,
+  openAddToBlockListFlyoutFromTable,
+  openAddToBlocklistFromFlyout,
+} from '../../../tasks/threat_intelligence/blocklist';
+import { navigateToBlocklist } from '../../../tasks/threat_intelligence/common';
+import { login } from '../../../tasks/login';
+import {
+  BLOCK_LIST_VALUE_INPUT,
+  FLYOUT_ADD_TO_BLOCK_LIST_ITEM,
+  INDICATORS_TABLE_ADD_TO_BLOCK_LIST_BUTTON_ICON,
+  SAVED_BLOCK_LIST_DESCRIPTION,
+  SAVED_BLOCK_LIST_NAME,
+} from '../../../screens/threat_intelligence/blocklist';
+
+const URL = '/app/security/threat_intelligence/indicators';
+
+const FIRST_BLOCK_LIST_NEW_NAME = 'first blocklist entry';
+const FIRST_BLOCK_LIST_NEW_DESCRIPTION = 'the first description';
+const SECOND_BLOCK_LIST_NEW_NAME = 'second blocklist entry';
+const SECOND_BLOCK_LIST_NEW_DESCRIPTION = 'the second description';
+
+describe('Block list with invalid indicators', { tags: ['@ess'] }, () => {
+  before(() => cy.task('esArchiverLoad', { archiveName: 'ti_indicators_data_invalid' }));
+
+  after(() => cy.task('esArchiverUnload', { archiveName: 'ti_indicators_data_invalid' }));
+
+  beforeEach(() => {
+    login();
+    visitWithTimeRange(URL);
+    waitForViewToBeLoaded();
+  });
+
+  it('should disabled blocklist in the indicators table context menu item and flyout context menu items', () => {
+    openIndicatorsTableMoreActions(3);
+    cy.get(INDICATORS_TABLE_ADD_TO_BLOCK_LIST_BUTTON_ICON).should('be.disabled');
+
+    openFlyout(3);
+    openFlyoutTakeAction();
+    cy.get(FLYOUT_ADD_TO_BLOCK_LIST_ITEM).should('be.disabled');
+  });
+});
+
+describe('Block list interactions', { tags: ['@ess'] }, () => {
+  before(() => cy.task('esArchiverLoad', { archiveName: 'ti_indicators_data_multiple' }));
+
+  after(() => cy.task('esArchiverUnload', { archiveName: 'ti_indicators_data_multiple' }));
+
+  beforeEach(() => {
+    login();
+    visitWithTimeRange(URL);
+    waitForViewToBeLoaded();
+  });
+
+  it('should add to block list from the indicators table and from flyout', () => {
+    // first indicator is a valid indicator for add to blocklist feature
+    const firstIndicatorId = 'd86e656455f985357df3063dff6637f7f3b95bb27d1769a6b88c7adecaf7763f';
+
+    cy.log('add to blocklist from the table more action menu');
+
+    openIndicatorsTableMoreActions();
+    openAddToBlockListFlyoutFromTable();
+
+    cy.get(BLOCK_LIST_VALUE_INPUT(firstIndicatorId));
+
+    fillBlocklistForm(FIRST_BLOCK_LIST_NEW_NAME, FIRST_BLOCK_LIST_NEW_DESCRIPTION);
+    navigateToBlocklist();
+
+    cy.get(SAVED_BLOCK_LIST_NAME).eq(0).should('have.text', FIRST_BLOCK_LIST_NEW_NAME);
+    cy.get(SAVED_BLOCK_LIST_DESCRIPTION)
+      .eq(0)
+      .should('have.text', FIRST_BLOCK_LIST_NEW_DESCRIPTION);
+
+    navigateToThreatIntelligence();
+
+    // second indicator is a valid indicator for add to blocklist feature
+    const secondIndicatorId = 'd3e2cf87eabf84ef929aaf8dad1431b3387f5a26de8ffb7a0c3c2a13f973c0ab';
+
+    cy.log('add to blocklist from the flyout');
+
+    openFlyout(1);
+    openFlyoutTakeAction();
+    openAddToBlocklistFromFlyout();
+
+    cy.get(BLOCK_LIST_VALUE_INPUT(secondIndicatorId));
+
+    fillBlocklistForm(SECOND_BLOCK_LIST_NEW_NAME, SECOND_BLOCK_LIST_NEW_DESCRIPTION);
+    closeFlyout();
+    navigateToBlocklist();
+
+    cy.get(SAVED_BLOCK_LIST_NAME).eq(0).should('have.text', SECOND_BLOCK_LIST_NEW_NAME);
+    cy.get(SAVED_BLOCK_LIST_DESCRIPTION)
+      .eq(0)
+      .should('have.text', SECOND_BLOCK_LIST_NEW_DESCRIPTION);
+  });
+});
diff --git a/...test/security_solution_cypress/cypress/e2e/investigations/threat_intelligence/cases.cy.ts b/...test/security_solution_cypress/cypress/e2e/investigations/threat_intelligence/cases.cy.ts
@@ -0,0 +1,138 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { visitWithTimeRange } from '../../../tasks/navigation';
+import {
+  navigateToThreatIntelligence,
+  openFlyout,
+  openFlyoutTakeAction,
+  openIndicatorsTableMoreActions,
+  waitForViewToBeLoaded,
+} from '../../../tasks/threat_intelligence/common';
+import {
+  createNewCaseFromTI,
+  navigateToCaseViaToaster,
+  openAddToExistingCaseFlyoutFromTable,
+  openAddToExistingCaseFromFlyout,
+  openAddToNewCaseFlyoutFromTable,
+  openAddToNewCaseFromFlyout,
+  selectExistingCase,
+} from '../../../tasks/threat_intelligence/cases';
+import {
+  CASE_COMMENT_EXTERNAL_REFERENCE,
+  FLYOUT_ADD_TO_EXISTING_CASE_ITEM,
+  FLYOUT_ADD_TO_NEW_CASE_ITEM,
+  INDICATORS_TABLE_ADD_TO_EXISTING_CASE_BUTTON_ICON,
+  INDICATORS_TABLE_ADD_TO_NEW_CASE_BUTTON_ICON,
+} from '../../../screens/threat_intelligence/cases';
+import { login } from '../../../tasks/login';
+
+const URL = '/app/security/threat_intelligence/indicators';
+
+describe('Cases with invalid indicators', { tags: ['@ess'] }, () => {
+  before(() => cy.task('esArchiverLoad', { archiveName: 'ti_indicators_data_invalid' }));
+
+  after(() => cy.task('esArchiverUnload', { archiveName: 'ti_indicators_data_invalid' }));
+
+  beforeEach(() => {
+    login();
+    visitWithTimeRange(URL);
+    waitForViewToBeLoaded();
+  });
+
+  it('should disable the indicators table context menu items and flyout context menu items', () => {
+    const documentsNumber = 22;
+    openIndicatorsTableMoreActions(documentsNumber - 1);
+
+    cy.get(INDICATORS_TABLE_ADD_TO_EXISTING_CASE_BUTTON_ICON).should('be.disabled');
+    cy.get(INDICATORS_TABLE_ADD_TO_NEW_CASE_BUTTON_ICON).should('be.disabled');
+
+    openFlyout(documentsNumber - 1);
+    openFlyoutTakeAction();
+
+    cy.get(FLYOUT_ADD_TO_EXISTING_CASE_ITEM).should('be.disabled');
+    cy.get(FLYOUT_ADD_TO_NEW_CASE_ITEM).should('be.disabled');
+  });
+});
+
+describe('Cases interactions', { tags: ['@ess'] }, () => {
+  before(() => cy.task('esArchiverLoad', { archiveName: 'ti_indicators_data_single' }));
+
+  after(() => cy.task('esArchiverUnload', { archiveName: 'ti_indicators_data_single' }));
+
+  beforeEach(() => {
+    login();
+    visitWithTimeRange(URL);
+    waitForViewToBeLoaded();
+  });
+
+  it('should add to new case and to existing case from the indicators table and the flyout', () => {
+    cy.log('should add to new case when clicking on the button in the indicators table');
+
+    openIndicatorsTableMoreActions();
+    openAddToNewCaseFlyoutFromTable();
+    createNewCaseFromTI();
+    navigateToCaseViaToaster();
+
+    cy.get(CASE_COMMENT_EXTERNAL_REFERENCE)
+      .should('exist')
+      .and('contain.text', 'added an indicator of compromise')
+      .and('contain.text', 'Indicator name')
+      .and('contain.text', 'Indicator type')
+      .and('contain.text', 'Feed name');
+
+    navigateToThreatIntelligence();
+
+    cy.log('should add to existing case when clicking on the button in the indicators table');
+
+    openIndicatorsTableMoreActions();
+    openAddToExistingCaseFlyoutFromTable();
+    selectExistingCase();
+    navigateToCaseViaToaster();
+
+    cy.get(CASE_COMMENT_EXTERNAL_REFERENCE)
+      .should('exist')
+      .and('contain.text', 'added an indicator of compromise')
+      .and('contain.text', 'Indicator name')
+      .and('contain.text', 'Indicator type')
+      .and('contain.text', 'Feed name');
+
+    navigateToThreatIntelligence();
+
+    cy.log('should add to new case when clicking on the button in the indicators flyout');
+
+    openFlyout(0);
+    openFlyoutTakeAction();
+    openAddToNewCaseFromFlyout();
+    createNewCaseFromTI();
+
+    navigateToCaseViaToaster();
+    cy.get(CASE_COMMENT_EXTERNAL_REFERENCE)
+      .should('exist')
+      .and('contain.text', 'added an indicator of compromise')
+      .and('contain.text', 'Indicator name')
+      .and('contain.text', 'Indicator type')
+      .and('contain.text', 'Feed name');
+
+    navigateToThreatIntelligence();
+
+    cy.log('should add to existing case when clicking on the button in the indicators flyout');
+
+    openFlyout(0);
+    openFlyoutTakeAction();
+    openAddToExistingCaseFromFlyout();
+    selectExistingCase();
+
+    navigateToCaseViaToaster();
+    cy.get(CASE_COMMENT_EXTERNAL_REFERENCE)
+      .should('exist')
+      .and('contain.text', 'added an indicator of compromise')
+      .and('contain.text', 'Indicator name')
+      .and('contain.text', 'Indicator type')
+      .and('contain.text', 'Feed name');
+  });
+});
diff --git a/...security_solution_cypress/cypress/e2e/investigations/threat_intelligence/empty_page.cy.ts b/...security_solution_cypress/cypress/e2e/investigations/threat_intelligence/empty_page.cy.ts
@@ -0,0 +1,33 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { visitWithTimeRange } from '../../../tasks/navigation';
+import { login } from '../../../tasks/login';
+import {
+  EMPTY_PAGE_BODY,
+  EMPTY_PAGE_DOCS_LINK,
+  EMPTY_PAGE_INTEGRATIONS_LINK,
+} from '../../../screens/threat_intelligence/empty_page';
+
+const URL = '/app/security/threat_intelligence/';
+
+describe('Empty Page', { tags: ['@ess'] }, () => {
+  beforeEach(() => {
+    login();
+    visitWithTimeRange(URL);
+  });
+
+  it('should render the empty page with link to docs and integrations, and navigate to integrations page', () => {
+    cy.get(EMPTY_PAGE_BODY).should('be.visible');
+    cy.get(EMPTY_PAGE_DOCS_LINK).should('be.visible');
+    cy.get(EMPTY_PAGE_INTEGRATIONS_LINK).should('be.visible');
+
+    cy.get(EMPTY_PAGE_INTEGRATIONS_LINK).click();
+    cy.url().should('include', '/app/integrations/browse/threat_intel');
+    cy.get('h1').first().should('contain', 'Integrations');
+  });
+});