improves eql test (#79014)

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
elastic · Oct 2, 2020 · b01140f · b01140f
1 parent 09b0b66
commit b01140f
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 1 deletion.
diff --git a/x-pack/plugins/security_solution/cypress/integration/alerts_detection_rules_eql.spec.ts b/x-pack/plugins/security_solution/cypress/integration/alerts_detection_rules_eql.spec.ts
@@ -6,6 +6,14 @@
 
 import { eqlRule, indexPatterns } from '../objects/rule';
 
+import {
+  ALERT_RULE_METHOD,
+  ALERT_RULE_NAME,
+  ALERT_RULE_RISK_SCORE,
+  ALERT_RULE_SEVERITY,
+  ALERT_RULE_VERSION,
+  NUMBER_OF_ALERTS,
+} from '../screens/alerts';
 import {
   CUSTOM_RULES_BTN,
   RISK_SCORE,
@@ -59,9 +67,11 @@ import {
   fillDefineEqlRuleAndContinue,
   fillScheduleRuleAndContinue,
   selectEqlRuleType,
+  waitForTheRuleToBeExecuted,
 } from '../tasks/create_new_rule';
 import { esArchiverLoad, esArchiverUnload } from '../tasks/es_archiver';
 import { loginAndWaitForPageWithoutDateRange } from '../tasks/login';
+import { refreshPage } from '../tasks/security_header';
 
 import { DETECTIONS_URL } from '../urls/navigation';
 
@@ -74,6 +84,7 @@ const expectedMitre = eqlRule.mitre
   })
   .join('');
 const expectedNumberOfRules = 1;
+const expectedNumberOfAlerts = 7;
 
 describe('Detection rules, EQL', () => {
   before(() => {
@@ -146,5 +157,19 @@ describe('Detection rules, EQL', () => {
         `${eqlRule.lookBack.interval}${eqlRule.lookBack.type}`
       );
     });
+
+    refreshPage();
+    waitForTheRuleToBeExecuted();
+
+    cy.get(NUMBER_OF_ALERTS)
+      .invoke('text')
+      .then((numberOfAlertsText) => {
+        cy.wrap(parseInt(numberOfAlertsText, 10)).should('eql', expectedNumberOfAlerts);
+      });
+    cy.get(ALERT_RULE_NAME).first().should('have.text', eqlRule.name);
+    cy.get(ALERT_RULE_VERSION).first().should('have.text', '1');
+    cy.get(ALERT_RULE_METHOD).first().should('have.text', 'eql');
+    cy.get(ALERT_RULE_SEVERITY).first().should('have.text', eqlRule.severity.toLowerCase());
+    cy.get(ALERT_RULE_RISK_SCORE).first().should('have.text', eqlRule.riskScore);
   });
 });
diff --git a/x-pack/plugins/security_solution/cypress/objects/rule.ts b/x-pack/plugins/security_solution/cypress/objects/rule.ts
@@ -215,7 +215,7 @@ export const machineLearningRule: MachineLearningRule = {
 };
 
 export const eqlRule: CustomRule = {
-  customQuery: 'process where process_name == "explorer.exe"',
+  customQuery: 'any where process.name == "which"',
   name: 'New EQL Rule',
   description: 'New EQL rule description.',
   severity: 'High',