[SIEM] [Detections] Renames Signals to Alerts (elastic#67731)
## Summary

Resolves elastic#65944

Renames `Signals` -> `Alerts` on the main Detection Engine page. Including:
* Timeline Event Selector
* Alerts Histogram
* Alerts Table

Does not include:
* `Detections` -> `Alerts` navigation rename
* `SignalsByCategory` rename as there already exists an `AlertsByCategory`, verify changing to `ExternalAlertsByCategory`
* Anything server-side or related to `siemSignalsIndex`


### Checklist

- [X] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/master/packages/kbn-i18n/README.md)
- [X] [Unit or functional tests](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility) were updated or added to match the most common scenarios
spong committed Jun 3, 2020
1 parent bff539c commit 1c9be09
Showing 108 changed files with 1,099 additions and 1,305 deletions.
8 changes: 4 additions & 4 deletions x-pack/plugins/siem/cypress/README.md
Expand Up @@ -176,16 +176,16 @@ The current archives can be found in `x-pack/test/siem_cypress/es_archives/`.
- siem-kibana
- siem-es
- jessie
- closed_signals
- Set of data with 108 closed signals linked to "Signals test" custom rule.
- closed_alerts
- Set of data with 108 closed alerts linked to "Alerts test" custom rule.
- custome_rules
- Set if data with just 4 custom activated rules.
- empty_kibana
- Empty kibana board.
- prebuilt_rules_loaded
- Elastic prebuilt loaded rules and deactivated.
- signals
- Set of data with 108 opened signals linked to "Signals test" custom rule.
- alerts
- Set of data with 108 opened alerts linked to "Alerts test" custom rule.

### How to generate a new archive

231 changes: 114 additions & 117 deletions x-pack/plugins/siem/cypress/integration/detections.spec.ts
Expand Up @@ -4,204 +4,201 @@
* you may not use this file except in compliance with the Elastic License.
*/
import {
NUMBER_OF_SIGNALS,
OPEN_CLOSE_SIGNALS_BTN,
SELECTED_SIGNALS,
SHOWING_SIGNALS,
SIGNALS,
NUMBER_OF_ALERTS,
OPEN_CLOSE_ALERTS_BTN,
SELECTED_ALERTS,
SHOWING_ALERTS,
ALERTS,
} from '../screens/detections';

import {
closeFirstSignal,
closeSignals,
goToClosedSignals,
goToOpenedSignals,
openFirstSignal,
openSignals,
selectNumberOfSignals,
waitForSignalsPanelToBeLoaded,
waitForSignals,
waitForSignalsToBeLoaded,
closeFirstAlert,
closeAlerts,
goToClosedAlerts,
goToOpenedAlerts,
openFirstAlert,
openAlerts,
selectNumberOfAlerts,
waitForAlertsPanelToBeLoaded,
waitForAlerts,
waitForAlertsToBeLoaded,
} from '../tasks/detections';
import { esArchiverLoad } from '../tasks/es_archiver';
import { loginAndWaitForPage } from '../tasks/login';

import { DETECTIONS } from '../urls/navigation';

describe('Detections', () => {
context('Closing signals', () => {
context('Closing alerts', () => {
beforeEach(() => {
esArchiverLoad('signals');
esArchiverLoad('alerts');
loginAndWaitForPage(DETECTIONS);
});

it('Closes and opens signals', () => {
waitForSignalsPanelToBeLoaded();
waitForSignalsToBeLoaded();
it('Closes and opens alerts', () => {
waitForAlertsPanelToBeLoaded();
waitForAlertsToBeLoaded();

cy.get(NUMBER_OF_SIGNALS)
cy.get(NUMBER_OF_ALERTS)
.invoke('text')
.then((numberOfSignals) => {
cy.get(SHOWING_SIGNALS).should('have.text', `Showing ${numberOfSignals} signals`);
.then((numberOfAlerts) => {
cy.get(SHOWING_ALERTS).should('have.text', `Showing ${numberOfAlerts} alerts`);

const numberOfSignalsToBeClosed = 3;
selectNumberOfSignals(numberOfSignalsToBeClosed);
const numberOfAlertsToBeClosed = 3;
selectNumberOfAlerts(numberOfAlertsToBeClosed);

cy.get(SELECTED_SIGNALS).should(
cy.get(SELECTED_ALERTS).should(
'have.text',
`Selected ${numberOfSignalsToBeClosed} signals`
`Selected ${numberOfAlertsToBeClosed} alerts`
);

closeSignals();
waitForSignals();
closeAlerts();
waitForAlerts();
cy.reload();
waitForSignals();
waitForAlerts();

const expectedNumberOfSignalsAfterClosing = +numberOfSignals - numberOfSignalsToBeClosed;
cy.get(NUMBER_OF_SIGNALS).should(
const expectedNumberOfAlertsAfterClosing = +numberOfAlerts - numberOfAlertsToBeClosed;
cy.get(NUMBER_OF_ALERTS).should(
'have.text',
expectedNumberOfSignalsAfterClosing.toString()
expectedNumberOfAlertsAfterClosing.toString()
);

cy.get(SHOWING_SIGNALS).should(
cy.get(SHOWING_ALERTS).should(
'have.text',
`Showing ${expectedNumberOfSignalsAfterClosing.toString()} signals`
`Showing ${expectedNumberOfAlertsAfterClosing.toString()} alerts`
);

goToClosedSignals();
waitForSignals();
goToClosedAlerts();
waitForAlerts();

cy.get(NUMBER_OF_SIGNALS).should('have.text', numberOfSignalsToBeClosed.toString());
cy.get(SHOWING_SIGNALS).should(
cy.get(NUMBER_OF_ALERTS).should('have.text', numberOfAlertsToBeClosed.toString());
cy.get(SHOWING_ALERTS).should(
'have.text',
`Showing ${numberOfSignalsToBeClosed.toString()} signals`
`Showing ${numberOfAlertsToBeClosed.toString()} alerts`
);
cy.get(SIGNALS).should('have.length', numberOfSignalsToBeClosed);
cy.get(ALERTS).should('have.length', numberOfAlertsToBeClosed);

const numberOfSignalsToBeOpened = 1;
selectNumberOfSignals(numberOfSignalsToBeOpened);
const numberOfAlertsToBeOpened = 1;
selectNumberOfAlerts(numberOfAlertsToBeOpened);

cy.get(SELECTED_SIGNALS).should(
'have.text',
`Selected ${numberOfSignalsToBeOpened} signal`
);
cy.get(SELECTED_ALERTS).should('have.text', `Selected ${numberOfAlertsToBeOpened} alert`);

openSignals();
waitForSignals();
openAlerts();
waitForAlerts();
cy.reload();
waitForSignalsToBeLoaded();
waitForSignals();
goToClosedSignals();
waitForSignals();
waitForAlertsToBeLoaded();
waitForAlerts();
goToClosedAlerts();
waitForAlerts();

const expectedNumberOfClosedSignalsAfterOpened = 2;
cy.get(NUMBER_OF_SIGNALS).should(
const expectedNumberOfClosedAlertsAfterOpened = 2;
cy.get(NUMBER_OF_ALERTS).should(
'have.text',
expectedNumberOfClosedSignalsAfterOpened.toString()
expectedNumberOfClosedAlertsAfterOpened.toString()
);
cy.get(SHOWING_SIGNALS).should(
cy.get(SHOWING_ALERTS).should(
'have.text',
`Showing ${expectedNumberOfClosedSignalsAfterOpened.toString()} signals`
`Showing ${expectedNumberOfClosedAlertsAfterOpened.toString()} alerts`
);
cy.get(SIGNALS).should('have.length', expectedNumberOfClosedSignalsAfterOpened);
cy.get(ALERTS).should('have.length', expectedNumberOfClosedAlertsAfterOpened);

goToOpenedSignals();
waitForSignals();
goToOpenedAlerts();
waitForAlerts();

const expectedNumberOfOpenedSignals =
+numberOfSignals - expectedNumberOfClosedSignalsAfterOpened;
cy.get(SHOWING_SIGNALS).should(
const expectedNumberOfOpenedAlerts =
+numberOfAlerts - expectedNumberOfClosedAlertsAfterOpened;
cy.get(SHOWING_ALERTS).should(
'have.text',
`Showing ${expectedNumberOfOpenedSignals.toString()} signals`
`Showing ${expectedNumberOfOpenedAlerts.toString()} alerts`
);

cy.get('[data-test-subj="server-side-event-count"]').should(
'have.text',
expectedNumberOfOpenedSignals.toString()
expectedNumberOfOpenedAlerts.toString()
);
});
});

it('Closes one signal when more than one opened signals are selected', () => {
waitForSignalsToBeLoaded();
it('Closes one alert when more than one opened alerts are selected', () => {
waitForAlertsToBeLoaded();

cy.get(NUMBER_OF_SIGNALS)
cy.get(NUMBER_OF_ALERTS)
.invoke('text')
.then((numberOfSignals) => {
const numberOfSignalsToBeClosed = 1;
const numberOfSignalsToBeSelected = 3;
.then((numberOfAlerts) => {
const numberOfAlertsToBeClosed = 1;
const numberOfAlertsToBeSelected = 3;

cy.get(OPEN_CLOSE_SIGNALS_BTN).should('have.attr', 'disabled');
selectNumberOfSignals(numberOfSignalsToBeSelected);
cy.get(OPEN_CLOSE_SIGNALS_BTN).should('not.have.attr', 'disabled');
cy.get(OPEN_CLOSE_ALERTS_BTN).should('have.attr', 'disabled');
selectNumberOfAlerts(numberOfAlertsToBeSelected);
cy.get(OPEN_CLOSE_ALERTS_BTN).should('not.have.attr', 'disabled');

closeFirstSignal();
closeFirstAlert();
cy.reload();
waitForSignalsToBeLoaded();
waitForSignals();
waitForAlertsToBeLoaded();
waitForAlerts();

const expectedNumberOfSignals = +numberOfSignals - numberOfSignalsToBeClosed;
cy.get(NUMBER_OF_SIGNALS).invoke('text').should('eq', expectedNumberOfSignals.toString());
cy.get(SHOWING_SIGNALS)
const expectedNumberOfAlerts = +numberOfAlerts - numberOfAlertsToBeClosed;
cy.get(NUMBER_OF_ALERTS).invoke('text').should('eq', expectedNumberOfAlerts.toString());
cy.get(SHOWING_ALERTS)
.invoke('text')
.should('eql', `Showing ${expectedNumberOfSignals.toString()} signals`);
.should('eql', `Showing ${expectedNumberOfAlerts.toString()} alerts`);

goToClosedSignals();
waitForSignals();
goToClosedAlerts();
waitForAlerts();

cy.get(NUMBER_OF_SIGNALS)
cy.get(NUMBER_OF_ALERTS)
.invoke('text')
.should('eql', numberOfSignalsToBeClosed.toString());
cy.get(SHOWING_SIGNALS)
.should('eql', numberOfAlertsToBeClosed.toString());
cy.get(SHOWING_ALERTS)
.invoke('text')
.should('eql', `Showing ${numberOfSignalsToBeClosed.toString()} signal`);
cy.get(SIGNALS).should('have.length', numberOfSignalsToBeClosed);
.should('eql', `Showing ${numberOfAlertsToBeClosed.toString()} alert`);
cy.get(ALERTS).should('have.length', numberOfAlertsToBeClosed);
});
});
});
context('Opening signals', () => {
context('Opening alerts', () => {
beforeEach(() => {
esArchiverLoad('closed_signals');
esArchiverLoad('closed_alerts');
loginAndWaitForPage(DETECTIONS);
});

it('Open one signal when more than one closed signals are selected', () => {
waitForSignals();
goToClosedSignals();
waitForSignalsToBeLoaded();
it('Open one alert when more than one closed alerts are selected', () => {
waitForAlerts();
goToClosedAlerts();
waitForAlertsToBeLoaded();

cy.get(NUMBER_OF_SIGNALS)
cy.get(NUMBER_OF_ALERTS)
.invoke('text')
.then((numberOfSignals) => {
const numberOfSignalsToBeOpened = 1;
const numberOfSignalsToBeSelected = 3;
.then((numberOfAlerts) => {
const numberOfAlertsToBeOpened = 1;
const numberOfAlertsToBeSelected = 3;

cy.get(OPEN_CLOSE_SIGNALS_BTN).should('have.attr', 'disabled');
selectNumberOfSignals(numberOfSignalsToBeSelected);
cy.get(OPEN_CLOSE_SIGNALS_BTN).should('not.have.attr', 'disabled');
cy.get(OPEN_CLOSE_ALERTS_BTN).should('have.attr', 'disabled');
selectNumberOfAlerts(numberOfAlertsToBeSelected);
cy.get(OPEN_CLOSE_ALERTS_BTN).should('not.have.attr', 'disabled');

openFirstSignal();
openFirstAlert();
cy.reload();
goToClosedSignals();
waitForSignalsToBeLoaded();
waitForSignals();
goToClosedAlerts();
waitForAlertsToBeLoaded();
waitForAlerts();

const expectedNumberOfSignals = +numberOfSignals - numberOfSignalsToBeOpened;
cy.get(NUMBER_OF_SIGNALS).invoke('text').should('eq', expectedNumberOfSignals.toString());
cy.get(SHOWING_SIGNALS)
const expectedNumberOfAlerts = +numberOfAlerts - numberOfAlertsToBeOpened;
cy.get(NUMBER_OF_ALERTS).invoke('text').should('eq', expectedNumberOfAlerts.toString());
cy.get(SHOWING_ALERTS)
.invoke('text')
.should('eql', `Showing ${expectedNumberOfSignals.toString()} signals`);
.should('eql', `Showing ${expectedNumberOfAlerts.toString()} alerts`);

goToOpenedSignals();
waitForSignals();
goToOpenedAlerts();
waitForAlerts();

cy.get(NUMBER_OF_SIGNALS)
cy.get(NUMBER_OF_ALERTS)
.invoke('text')
.should('eql', numberOfSignalsToBeOpened.toString());
cy.get(SHOWING_SIGNALS)
.should('eql', numberOfAlertsToBeOpened.toString());
cy.get(SHOWING_ALERTS)
.invoke('text')
.should('eql', `Showing ${numberOfSignalsToBeOpened.toString()} signal`);
cy.get(SIGNALS).should('have.length', numberOfSignalsToBeOpened);
.should('eql', `Showing ${numberOfAlertsToBeOpened.toString()} alert`);
cy.get(ALERTS).should('have.length', numberOfAlertsToBeOpened);
});
});
});
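Review bot: Both contexts in this spec load an archive in `beforeEach` (`esArchiverLoad('alerts')`, `esArchiverLoad('closed_alerts')`) but never unload it, whereas detections_timeline.spec.ts in the same commit pairs its load with `afterEach(() => { esArchiverUnload('timeline_alerts'); });`. These tests assert absolute counts on the closed tab, so alert documents left over from an earlier context could presumably make an open/close status check pass or fail for the wrong reason. I would import `esArchiverUnload` from `'../tasks/es_archiver'` and add `afterEach(() => { esArchiverUnload('alerts'); });` to the first context and the `'closed_alerts'` equivalent to the second. Separately, `const expectedNumberOfClosedAlertsAfterOpened = 2;` is a magic number; writing it as `numberOfAlertsToBeClosed - numberOfAlertsToBeOpened` keeps the assertion tied to the values the test actually selected.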
22 changes: 11 additions & 11 deletions x-pack/plugins/siem/cypress/integration/detections_timeline.spec.ts
Expand Up @@ -4,13 +4,13 @@
* you may not use this file except in compliance with the Elastic License.
*/

import { SIGNAL_ID } from '../screens/detections';
import { ALERT_ID } from '../screens/detections';
import { PROVIDER_BADGE } from '../screens/timeline';

import {
expandFirstSignal,
investigateFirstSignalInTimeline,
waitForSignalsPanelToBeLoaded,
expandFirstAlert,
investigateFirstAlertInTimeline,
waitForAlertsPanelToBeLoaded,
} from '../tasks/detections';
import { esArchiverLoad, esArchiverUnload } from '../tasks/es_archiver';
import { loginAndWaitForPage } from '../tasks/login';
Expand All @@ -19,22 +19,22 @@ import { DETECTIONS } from '../urls/navigation';

describe('Detections timeline', () => {
beforeEach(() => {
esArchiverLoad('timeline_signals');
esArchiverLoad('timeline_alerts');
loginAndWaitForPage(DETECTIONS);
});

afterEach(() => {
esArchiverUnload('timeline_signals');
esArchiverUnload('timeline_alerts');
});

it('Investigate signal in default timeline', () => {
waitForSignalsPanelToBeLoaded();
expandFirstSignal();
cy.get(SIGNAL_ID)
it('Investigate alert in default timeline', () => {
waitForAlertsPanelToBeLoaded();
expandFirstAlert();
cy.get(ALERT_ID)
.first()
.invoke('text')
.then((eventId) => {
investigateFirstSignalInTimeline();
investigateFirstAlertInTimeline();
cy.get(PROVIDER_BADGE).invoke('text').should('eql', `_id: "${eventId}"`);
});
});