From 60f6d4a49bdf3425d595beb33238bcdbc5511370 Mon Sep 17 00:00:00 2001
From: FrankHassanabad
Date: Thu, 3 Jun 2021 10:04:59 -0600
Subject: [PATCH] wip
---
.../security_and_spaces/tests/index.ts | 1 +
.../security_and_spaces/tests/timestamps.ts | 70 +++++++++++++++++++
.../es_archives/security_solution/README.md | 11 +++
.../timestamp_in_seconds/data.json | 10 +++
.../timestamp_in_seconds/mappings.json | 22 ++++++
5 files changed, 114 insertions(+)
create mode 100644 x-pack/test/detection_engine_api_integration/security_and_spaces/tests/timestamps.ts
create mode 100644 x-pack/test/functional/es_archives/security_solution/README.md
create mode 100644 x-pack/test/functional/es_archives/security_solution/timestamp_in_seconds/data.json
create mode 100644 x-pack/test/functional/es_archives/security_solution/timestamp_in_seconds/mappings.json
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/index.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/index.ts
index 57b24f6de2a488..477f1f37f50d27 100644
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/index.ts
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/index.ts
@@ -42,6 +42,7 @@ export default ({ loadTestFile }: FtrProviderContext): void => {
 loadTestFile(require.resolve('./create_signals_migrations'));
 loadTestFile(require.resolve('./finalize_signals_migrations'));
 loadTestFile(require.resolve('./delete_signals_migrations'));
+ loadTestFile(require.resolve('./timestamps'));
 });
 // That split here enable us on using a different ciGroup to run the tests
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/timestamps.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/timestamps.ts
new file mode 100644
index 00000000000000..29a2ed4c9f666a
--- /dev/null
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/timestamps.ts
@@ -0,0 +1,70 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import expect from '@kbn/expect';
+import { CreateRulesSchema } from '../../../../plugins/security_solution/common/detection_engine/schemas/request';
+
+import {
+ DETECTION_ENGINE_RULES_URL,
+ DETECTION_ENGINE_RULES_STATUS_URL,
+} from '../../../../plugins/security_solution/common/constants';
+import { FtrProviderContext } from '../../common/ftr_provider_context';
+import {
+ createSignalsIndex,
+ deleteAllAlerts,
+ deleteSignalsIndex,
+ createRule,
+ getSimpleRule,
+ getSimpleRuleOutput,
+ getSimpleRuleOutputWithoutRuleId,
+ getSimpleRuleWithoutRuleId,
+ removeServerGeneratedProperties,
+ removeServerGeneratedPropertiesIncludingRuleId,
+ getSimpleMlRule,
+ getSimpleMlRuleOutput,
+ waitForRuleSuccessOrStatus,
+ waitForSignalsToBePresent,
+ waitForAlertToComplete,
+ getRuleForSignalTesting,
+ getSignalsByIds,
+ getRuleForSignalTestingWithTimestampOverride,
+} from '../../utils';
+import { ROLES } from '../../../../plugins/security_solution/common/test';
+import { createUserAndRole, deleteUserAndRole } from '../roles_users_utils';
+import { RuleStatusResponse } from '../../../../plugins/security_solution/server/lib/detection_engine/rules/types';
+
+// eslint-disable-next-line import/no-default-export
+export default ({ getService }: FtrProviderContext) => {
+ const supertest = getService('supertest');
+ const supertestWithoutAuth = getService('supertestWithoutAuth');
+ const esArchiver = getService('esArchiver');
+
+ describe('timestamps', () => {
+ describe('source index with timestamp in milliseconds', () => {
+ beforeEach(async () => {
+ await createSignalsIndex(supertest);
+ await esArchiver.load('security_solution/timestamp_in_seconds');
+ });
+
+ afterEach(async () => {
+ await deleteSignalsIndex(supertest);
+ await deleteAllAlerts(supertest);
+ await esArchiver.unload('security_solution/timestamp_in_seconds');
+ });
+
+ it('should convert a timestamp in epoch_seconds to the correct ISO format', async () => {
+ const rule = getRuleForSignalTesting(['timestamp_in_seconds']);
+ const { id } = await createRule(supertest, rule);
+ await waitForRuleSuccessOrStatus(supertest, id);
+ await waitForSignalsToBePresent(supertest, 1, [id]);
+ const signalsOpen = await getSignalsByIds(supertest, [id]);
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source.signal.original_time).sort();
+ expect(hits).to.eql([]);
+ });
+ });
+ });
+};
diff --git a/x-pack/test/functional/es_archives/security_solution/README.md b/x-pack/test/functional/es_archives/security_solution/README.md
new file mode 100644
index 00000000000000..c832e0835bbbc9
--- /dev/null
+++ b/x-pack/test/functional/es_archives/security_solution/README.md
@@ -0,0 +1,11 @@
+Collection of data sets for use within various tests. Most of the tests to these live in either:
+
+```
+x-pack/test/detection_engine_api_integrations/security_and_spaces/tests
+```
+
+or
+
+```
+x-pack/test/api_integration/apis/security_solution
+```
diff --git a/x-pack/test/functional/es_archives/security_solution/timestamp_in_seconds/data.json b/x-pack/test/functional/es_archives/security_solution/timestamp_in_seconds/data.json
new file mode 100644
index 00000000000000..46b30b239bbc72
--- /dev/null
+++ b/x-pack/test/functional/es_archives/security_solution/timestamp_in_seconds/data.json
@@ -0,0 +1,10 @@
+{
+ "type": "doc",
+ "value": {
+ "index": "timestamp_in_seconds",
+ "source": {
+ "@timestamp": 1622676795
+ },
+ "type": "_doc"
+ }
+}
diff --git a/x-pack/test/functional/es_archives/security_solution/timestamp_in_seconds/mappings.json b/x-pack/test/functional/es_archives/security_solution/timestamp_in_seconds/mappings.json
new file mode 100644
index 00000000000000..fd8880fe0bc49e
--- /dev/null
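Review bot: In timestamps.ts the final assertion `expect(hits).to.eql([]);` compares against an empty array right after `waitForSignalsToBePresent(supertest, 1, [id])` has waited for one signal, so the test never pins the converted value of `signal.original_time`. Assert the ISO string expected for the fixture's `@timestamp` of 1622676795 instead, e.g. `expect(hits).to.eql(['2021-06-02T23:33:15.000Z']);` (value computed from the fixture; confirm the exact format the engine emits). Without that check, a regression that reads epoch seconds as milliseconds would give alerts a 1970 original time and distort investigation timelines without failing this test. The inner `describe` title says "timestamp in milliseconds" while the archive and mapping use `epoch_second`, so `describe('source index with timestamp in seconds', ...)` would match the data. Most imported names (for example `CreateRulesSchema`, `ROLES`, `createUserAndRole`) and the `supertestWithoutAuth` constant are not used in this file and can be dropped.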
+++ b/x-pack/test/functional/es_archives/security_solution/timestamp_in_seconds/mappings.json
@@ -0,0 +1,22 @@
+{
+ "type": "index",
+ "value": {
+ "index": "timestamp_in_seconds",
+ "mappings": {
+ "dynamic": "strict",
+ "properties": {
+ "@timestamp": {
+ "type": "date",
+ "format": "epoch_second"
+ }
+ }
+ },
+ "settings": {
+ "index": {
+ "refresh_interval": "1s",
+ "number_of_replicas": "1",
+ "number_of_shards": "1"
+ }
+ }
+ }
+}