diff --git a/x-pack/plugins/security_solution/cypress/screens/alerts.ts b/x-pack/plugins/security_solution/cypress/screens/alerts.ts
index acecb0a7f47430..d85755ff5238e7 100644
--- a/x-pack/plugins/security_solution/cypress/screens/alerts.ts
+++ b/x-pack/plugins/security_solution/cypress/screens/alerts.ts
@@ -62,6 +62,7 @@ export const OPEN_ALERT_BTN = '[data-test-subj="open-alert-status"]';
 export const OPENED_ALERTS_FILTER_BTN = '[data-test-subj="openAlerts"]';
+export const PROCESS_NAME_COLUMN = '[data-test-subj="dataGridHeaderCell-process.name"]';
 export const PROCESS_NAME = '[data-test-subj="formatted-field-process.name"]';
 export const REASON = '[data-test-subj^=formatted-field][data-test-subj$=reason]';
diff --git a/x-pack/plugins/security_solution/cypress/screens/alerts_details.ts b/x-pack/plugins/security_solution/cypress/screens/alerts_details.ts
index 0c1388bcfd6fd7..a6e61d536dd3ba 100644
--- a/x-pack/plugins/security_solution/cypress/screens/alerts_details.ts
+++ b/x-pack/plugins/security_solution/cypress/screens/alerts_details.ts
@@ -33,22 +33,13 @@ export const JSON_TEXT = '[data-test-subj="jsonView"]';
 export const OVERVIEW_HOST_NAME =
 '[data-test-subj="eventDetails"] [data-test-subj="host-details-button"]';
-export const OVERVIEW_RISK_SCORE =
- '[data-test-subj="eventDetails"] [data-test-subj^=formatted][data-test-subj$=risk_score]';
-
-export const OVERVIEW_RULE =
- '[data-test-subj="eventDetails"] [data-test-subj^=formatted][data-test-subj$=rule\\.name]';
-
-export const OVERVIEW_SEVERITY =
- '[data-test-subj="eventDetails"] [data-test-subj^=formatted][data-test-subj$=rule\\.severity]';
-
-export const OVERVIEW_STATUS = '[data-test-subj="eventDetails"] [data-test-subj$=status]';
+export const OVERVIEW_SEVERITY = '[data-test-subj="eventDetails"] [data-test-subj=severity]';
 export const OVERVIEW_THRESHOLD_COUNT =
 '[data-test-subj="eventDetails"] [data-test-subj^=formatted][data-test-subj$=threshold_result\\.count]';
 export const OVERVIEW_THRESHOLD_VALUE =
- '[data-test-subj="eventDetails"] [data-test-subj$=threshold_result\\.terms]';
+ '[data-test-subj="eventDetails"] [data-test-subj^=formatted][data-test-subj$=threshold_result\\.terms\\.field]';
 export const SUMMARY_VIEW = '[data-test-subj="summary-view"]';
diff --git a/x-pack/plugins/security_solution/cypress/tasks/timeline.ts b/x-pack/plugins/security_solution/cypress/tasks/timeline.ts
index 24eb2e325d32c2..c4da40e13d4b6f 100644
--- a/x-pack/plugins/security_solution/cypress/tasks/timeline.ts
+++ b/x-pack/plugins/security_solution/cypress/tasks/timeline.ts
@@ -397,3 +397,15 @@ export const expandEventAction = () => {
 });
 cy.get(TIMELINE_COLLAPSED_ITEMS_BTN).click();
 };
+
+export const setKibanaTimezoneToUTC = () =>
+ cy
+ .request({
+ method: 'POST',
+ url: 'api/kibana/settings',
+ body: { changes: { 'dateFormat:tz': 'UTC' } },
+ headers: { 'kbn-xsrf': 'set-kibana-timezone-utc' },
+ })
+ .then(() => {
+ cy.reload();
+ });
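Review bot: The new `OVERVIEW_THRESHOLD_VALUE` selector ends in `threshold_result\\.terms\\.field`, yet the constant is named for a value and the threshold spec in this commit still asserts it against `alert.hostName`. If the element with that suffix renders the field name rather than the term value, the check passes or fails for the wrong reason, so confirm which cell the flyout emits and point the selector at the one that carries the value. `OVERVIEW_SEVERITY` also drops the `^=formatted` prefix match its neighbours use; a one-line comment such as `// severity is rendered as a badge with its own data-test-subj` would explain the difference, if that is indeed the reason.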
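Review bot: `setKibanaTimezoneToUTC` writes `dateFormat:tz` through `api/kibana/settings` and nothing visible in this commit puts the previous value back, so the setting outlives the spec that calls it. The caller is the `before()` hook in import_timeline.spec.ts; its `after()` hook begins at the edge of that hunk, so whether it resets anything cannot be seen here. Any later spec on the same deployment would then render timestamps in UTC and fail on hard-coded local-time expectations. I would read the current value before the POST and restore it in `after()`, and add a doc comment along the lines of `/** Sets the Kibana advanced setting dateFormat:tz to UTC and reloads the page so rendered timestamps do not depend on the browser time zone. */`.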
diff --git a/x-pack/plugins/security_solution/cypress/upgrade_integration/detections/detection_rules/custom_query_rule.spec.ts b/x-pack/plugins/security_solution/cypress/upgrade_integration/detections/detection_rules/custom_query_rule.spec.ts
index 55db62d7bf766c..3d17d6734a65b6 100644
--- a/x-pack/plugins/security_solution/cypress/upgrade_integration/detections/detection_rules/custom_query_rule.spec.ts
+++ b/x-pack/plugins/security_solution/cypress/upgrade_integration/detections/detection_rules/custom_query_rule.spec.ts
@@ -8,6 +8,7 @@ import semver from 'semver';
 import {
 DESTINATION_IP,
 HOST_NAME,
+ PROCESS_NAME_COLUMN,
 PROCESS_NAME,
 REASON,
 RISK_SCORE,
@@ -116,6 +117,7 @@ describe('After an upgrade, the custom query rule', () => {
 cy.get(REASON).should('have.text', expectedReason).type('{rightarrow}');
 cy.get(HOST_NAME).should('have.text', alert.hostName);
 cy.get(USER_NAME).should('have.text', alert.username);
+ cy.get(PROCESS_NAME_COLUMN).eq(0).scrollIntoView();
 cy.get(PROCESS_NAME).should('have.text', alert.processName);
 cy.get(SOURCE_IP).should('have.text', alert.sourceIp);
 cy.get(DESTINATION_IP).should('have.text', alert.destinationIp);
diff --git a/x-pack/plugins/security_solution/cypress/upgrade_integration/detections/detection_rules/threshold_rule.spec.ts b/x-pack/plugins/security_solution/cypress/upgrade_integration/detections/detection_rules/threshold_rule.spec.ts
index eadee6a7ac9dfa..059f60d06de5c3 100644
--- a/x-pack/plugins/security_solution/cypress/upgrade_integration/detections/detection_rules/threshold_rule.spec.ts
+++ b/x-pack/plugins/security_solution/cypress/upgrade_integration/detections/detection_rules/threshold_rule.spec.ts
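Review bot: The added `cy.get(PROCESS_NAME_COLUMN).eq(0).scrollIntoView();` carries no comment saying why a header cell has to be scrolled to before the `PROCESS_NAME` assertion, so it reads as noise and is likely to be removed later. Presumably the process.name column sits outside the visible part of the grid; once that is confirmed, a comment such as `// bring the process.name column into view before asserting on its cell` above the line would record it. `.first()` states the intent more directly than `.eq(0)`. The enclosing `it` block starts and ends outside the hunk.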
@@ -36,10 +36,7 @@ import { loginAndWaitForPage } from '../../../tasks/login';
 import { DETECTIONS_RULE_MANAGEMENT_URL } from '../../../urls/navigation';
 import {
 OVERVIEW_HOST_NAME,
- OVERVIEW_RISK_SCORE,
- OVERVIEW_RULE,
 OVERVIEW_SEVERITY,
- OVERVIEW_STATUS,
 OVERVIEW_THRESHOLD_COUNT,
 OVERVIEW_THRESHOLD_VALUE,
 SUMMARY_VIEW,
@@ -49,7 +46,7 @@ const EXPECTED_NUMBER_OF_ALERTS = '1';
 const alert = {
 rule: 'Threshold rule',
- severity: 'medium',
+ severity: 'Medium',
 riskScore: '17',
 reason: 'event created medium alert Threshold rule.',
 hostName: 'security-solution.local',
@@ -123,10 +120,9 @@ describe('After an upgrade, the threshold rule', () => {
 it('Displays the Overview alert details in the alert flyout', () => {
 expandFirstAlert();
- cy.get(OVERVIEW_STATUS).should('have.text', 'open');
- cy.get(OVERVIEW_RULE).should('have.text', alert.rule);
+ // TODO: Add verification of OVERVIEW_STATUS, OVERVIEW_RULE,
+ // OVERVIEW_RISK_CODE - need data-test-subj attributes
 cy.get(OVERVIEW_SEVERITY).should('have.text', alert.severity);
- cy.get(OVERVIEW_RISK_SCORE).should('have.text', alert.riskScore);
 cy.get(OVERVIEW_HOST_NAME).should('have.text', alert.hostName);
 cy.get(OVERVIEW_THRESHOLD_COUNT).should('have.text', alert.thresholdCount);
 cy.get(OVERVIEW_THRESHOLD_VALUE).should('have.text', alert.hostName);
diff --git a/x-pack/plugins/security_solution/cypress/upgrade_integration/threat_hunting/cases/import_case.spec.ts b/x-pack/plugins/security_solution/cypress/upgrade_integration/threat_hunting/cases/import_case.spec.ts
index e97cebeff00b59..4f54591cd27aa7 100644
--- a/x-pack/plugins/security_solution/cypress/upgrade_integration/threat_hunting/cases/import_case.spec.ts
+++ b/x-pack/plugins/security_solution/cypress/upgrade_integration/threat_hunting/cases/import_case.spec.ts
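Review bot: The TODO in the third hunk names `OVERVIEW_RISK_CODE`, but the selector this commit removes is `OVERVIEW_RISK_SCORE`, so a later search for the constant will miss the comment; the second line should read `// OVERVIEW_RISK_SCORE - need data-test-subj attributes`. With the three assertions gone, this test no longer checks the status, rule name or risk score of an upgraded alert, and the TODO has no issue reference to make sure they come back. The fixture still carries `rule` and `riskScore`; whether anything else reads them is outside the hunk. The `it` block ends outside the hunk.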
@@ -46,7 +46,7 @@ const importedCase = {
 reporter: 'glo@test.co',
 tags: 'export case',
 numberOfAlerts: '2',
- numberOfComments: '4',
+ numberOfComments: '2',
 description:
 "This is the description of the 7.16 case that I'm going to import in future versions.",
 timeline: 'This is just a timeline',
@@ -59,7 +59,7 @@ const updateStatusRegex = new RegExp(
 `\\S${importedCase.user}marked case as${importedCase.status}\\S*\\s?(\\S*)?\\s?(\\S*)?`
 );
 const alertUpdateRegex = new RegExp(
- `\\S${importedCase.user}added an alert from ${importedCase.ruleName}\\S*\\s?(\\S*)?\\s?(\\S*)?`
+ `\\S${importedCase.user}added an alert from Unknown\\S*\\s?(\\S*)?\\s?(\\S*)?`
 );
 const incidentManagementSystemRegex = new RegExp(
 `\\S${importedCase.participants[0]}selected ${importedCase.connector} as incident management system\\S*\\s?(\\S*)?\\s?(\\S*)?`
@@ -110,7 +110,7 @@ describe('Import case after upgrade', () => {
 it('Displays the correct case details on the cases page', () => {
 cy.get(ALL_CASES_NAME).should('have.text', importedCase.title);
- cy.get(ALL_CASES_REPORTER).should('have.text', importedCase.reporter);
+ cy.get(ALL_CASES_REPORTER).should('have.text', importedCase.user);
 cy.get(ALL_CASES_NUMBER_OF_ALERTS).should('have.text', importedCase.numberOfAlerts);
 cy.get(ALL_CASES_COMMENTS_COUNT).should('have.text', importedCase.numberOfComments);
 cy.get(ALL_CASES_NOT_PUSHED).should('be.visible');
diff --git a/x-pack/plugins/security_solution/cypress/upgrade_integration/threat_hunting/timeline/import_timeline.spec.ts b/x-pack/plugins/security_solution/cypress/upgrade_integration/threat_hunting/timeline/import_timeline.spec.ts
index c842c96e700e71..3f6101bc24e456 100644
--- a/x-pack/plugins/security_solution/cypress/upgrade_integration/threat_hunting/timeline/import_timeline.spec.ts
+++ b/x-pack/plugins/security_solution/cypress/upgrade_integration/threat_hunting/timeline/import_timeline.spec.ts
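Review bot: `alertUpdateRegex` now expects the literal `Unknown` where it used to interpolate `importedCase.ruleName`, so the suite passes only when the imported case has lost the rule name on its alert entries. A case is an investigation record, and the rule that raised an attached alert is information an analyst relies on, so pinning `Unknown` as the expected text needs an explanation. If this is a known limitation of importing a case without its rule, add a comment next to the regex that says so and references the tracking issue; if it is a regression, keep the expectation on `importedCase.ruleName` and skip the test until it is fixed.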
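Review bot: In the third hunk `ALL_CASES_REPORTER` is compared with `importedCase.user` instead of `importedCase.reporter`, which leaves the `reporter: 'glo@test.co'` entry shown in the first hunk without a visible use. Either remove that entry or add a comment such as `// the reporter column shows the user name, not the e-mail address`, after confirming that this is the intended display. The change of `numberOfComments` from `'4'` to `'2'` is likewise unexplained in the fixture. The `it` block continues past the hunk.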
@@ -43,6 +43,7 @@ import {
 deleteTimeline,
 goToCorrelationTab,
 goToNotesTab,
+ setKibanaTimezoneToUTC,
 } from '../../../tasks/timeline';
 import { expandNotes, importTimeline, openTimeline } from '../../../tasks/timelines';
@@ -52,8 +53,8 @@ const timeline = '7_15_timeline.ndjson';
 const username = 'elastic';
 const timelineDetails = {
- dateStart: 'Oct 11, 2020 @ 00:00:00.000',
- dateEnd: 'Oct 11, 2030 @ 17:13:15.851',
+ dateStart: 'Oct 10, 2020 @ 22:00:00.000',
+ dateEnd: 'Oct 11, 2030 @ 15:13:15.851',
 queryTab: 'Query4',
 correlationTab: 'Correlation',
 analyzerTab: 'Analyzer',
@@ -72,7 +73,7 @@ const detectionAlert = {
 };
 const event = {
- timestamp: 'Nov 4, 2021 @ 11:09:29.438',
+ timestamp: 'Nov 4, 2021 @ 10:09:29.438',
 message: '—',
 eventCategory: 'file',
 eventAction: 'initial_scan',
@@ -86,6 +87,7 @@ describe('Import timeline after upgrade', () => {
 before(() => {
 loginAndWaitForPageWithoutDateRange(TIMELINES_URL);
 importTimeline(timeline);
+ setKibanaTimezoneToUTC();
 });
 after(() => {
diff --git a/x-pack/test/security_solution_cypress/upgrade_config.ts b/x-pack/test/security_solution_cypress/upgrade_config.ts
index 95aa58489851b8..221cf7b30e0615 100644
--- a/x-pack/test/security_solution_cypress/upgrade_config.ts
+++ b/x-pack/test/security_solution_cypress/upgrade_config.ts
@@ -5,10 +5,17 @@
 * 2.0.
 */
+import { FtrConfigProviderContext } from '@kbn/test';
+
 import { SecuritySolutionCypressUpgradeCliTestRunner } from './runner';
-export default async function () {
+export default async function ({ readConfigFile }: FtrConfigProviderContext) {
+ const kibanaCommonTestsConfig = await readConfigFile(
+ require.resolve('../../../test/common/config.js')
+ );
+
 return {
+ ...kibanaCommonTestsConfig.getAll(),
 testRunner: SecuritySolutionCypressUpgradeCliTestRunner,
 };
 }
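Review bot: The config in upgrade_config.ts now spreads every key of `../../../test/common/config.js` and overrides only `testRunner`, with no comment saying which inherited settings the upgrade runner actually needs. Whatever server or service settings that file carries become part of this suite's configuration without being visible here, which makes later changes to the common config hard to reason about for this runner. A TSDoc comment on the default export, for example `/** FTR config for the Cypress upgrade suite: inherits the common test config and swaps in the upgrade CLI runner. */`, would document the intent; if only a few keys are required, naming them explicitly is easier to review than `getAll()`.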