Re-enable brolen ML tests

x-pack/plugins/security_solution/cypress/integration/detection_rules/machine_learning_rule.spec.ts

@@ -66,7 +66,7 @@ describe('Detection rules, machine learning', () => {
     visitWithoutDateRange(RULE_CREATION);
   });
 
-  it.skip('Creates and enables a new ml rule', () => {
+  it('Creates and enables a new ml rule', () => {
     selectMachineLearningRuleType();
     fillDefineMachineLearningRuleAndContinue(getMachineLearningRule());
     fillAboutRuleAndContinue(getMachineLearningRule());

x-pack/plugins/security_solution/cypress/objects/rule.ts

@@ -321,7 +321,10 @@ export const getNewThresholdRule = (): ThresholdRule => ({
 });
 
 export const getMachineLearningRule = (): MachineLearningRule => ({
-  machineLearningJobs: ['linux_anomalous_network_service', 'linux_anomalous_network_activity_ecs'],
+  machineLearningJobs: [
+    'v3_linux_anomalous_process_all_hosts',
+    'v3_linux_anomalous_network_activity',
+  ],
   anomalyScoreThreshold: '20',
   name: 'New ML Rule Test',
   description: 'The new ML rule description.',

x-pack/plugins/security_solution/public/common/components/ml_popover/api.mock.ts

@@ -126,7 +126,7 @@ export const mockJobsSummaryResponse: MlSummaryJob[] = [
 
 export const mockGetModuleResponse: Module[] = [
   {
-    id: 'siem_auditbeat',
+    id: 'security_linux_v3',
     title: 'SIEM Auditbeat',
     description:
       'Detect suspicious network activity and unusual processes in Auditbeat data (beta)',
@@ -136,7 +136,7 @@ export const mockGetModuleResponse: Module[] = [
     query: { bool: { filter: [{ term: { 'agent.type': 'auditbeat' } }] } },
     jobs: [
       {
-        id: 'rare_process_by_host_linux_ecs',
+        id: 'rare_process_by_host_linux',
         config: {
           job_type: 'anomaly_detector',
           description: 'SIEM Auditbeat: Detect unusually rare processes on Linux (beta)',
@@ -203,7 +203,7 @@ export const mockGetModuleResponse: Module[] = [
     kibana: {},
   },
   {
-    id: 'siem_winlogbeat',
+    id: 'security_windows_v3',
     title: 'SIEM Winlogbeat',
     description: 'Detect unusual processes and network activity in Winlogbeat data (beta)',
     type: 'Winlogbeat data',
@@ -356,7 +356,7 @@ export const mockGetModuleResponse: Module[] = [
 
 export const checkRecognizerSuccess: RecognizerModule[] = [
   {
-    id: 'siem_auditbeat',
+    id: 'security_linux_v3',
     title: 'SIEM Auditbeat',
     query: { bool: { filter: [{ term: { 'agent.type': 'auditbeat' } }] } },
     description:
@@ -512,7 +512,7 @@ export const mockSecurityJobs: SecurityJob[] = [
     earliestTimestampMs: 1569812391387,
     latestResultsTimestampMs: 1571022900000,
     isSingleMetricViewerJob: true,
-    moduleId: 'siem_auditbeat',
+    moduleId: 'security_linux_v3',
     defaultIndexPattern: 'auditbeat-*',
     isCompatible: true,
     isInstalled: true,
@@ -533,7 +533,7 @@ export const mockSecurityJobs: SecurityJob[] = [
     datafeedIndices: ['auditbeat-*'],
     datafeedState: 'stopped',
     isSingleMetricViewerJob: true,
-    moduleId: 'siem_auditbeat',
+    moduleId: 'security_linux_v3',
     defaultIndexPattern: 'auditbeat-*',
     isCompatible: true,
     isInstalled: true,
@@ -555,7 +555,7 @@ export const mockSecurityJobs: SecurityJob[] = [
     description: 'SIEM Winlogbeat: Detect unusually rare processes on Windows (beta)',
     groups: ['process', 'siem', 'winlogbeat'],
     defaultIndexPattern: 'winlogbeat-*',
-    moduleId: 'siem_winlogbeat',
+    moduleId: 'security_windows_v3',
     isCompatible: false,
     isInstalled: false,
     isElasticJob: true,

x-pack/plugins/security_solution/public/common/components/ml_popover/hooks/use_security_jobs.test.ts

@@ -46,7 +46,7 @@ describe('useSecurityJobs', () => {
       (checkRecognizer as jest.Mock).mockResolvedValue(checkRecognizerSuccess);
     });
 
-    it.skip('combines multiple ML calls into an array of SecurityJobs', async () => {
+    it('combines multiple ML calls into an array of SecurityJobs', async () => {
       const expectedSecurityJob: SecurityJob = {
         datafeedId: 'datafeed-siem-api-rare_process_linux_ecs',
         datafeedIndices: ['auditbeat-*'],
@@ -78,15 +78,15 @@ describe('useSecurityJobs', () => {
       expect(result.current.jobs).toEqual(expect.arrayContaining([expectedSecurityJob]));
     });
 
-    it.skip('returns those permissions', async () => {
+    it('returns those permissions', async () => {
       const { result, waitForNextUpdate } = renderHook(() => useSecurityJobs(false));
       await waitForNextUpdate();
 
       expect(result.current.isMlAdmin).toEqual(true);
       expect(result.current.isLicensed).toEqual(true);
     });
 
-    it.skip('renders a toast error if an ML call fails', async () => {
+    it('renders a toast error if an ML call fails', async () => {
       (getModules as jest.Mock).mockRejectedValue('whoops');
       const { waitForNextUpdate } = renderHook(() => useSecurityJobs(false));
       await waitForNextUpdate();
@@ -103,7 +103,7 @@ describe('useSecurityJobs', () => {
       (hasMlLicense as jest.Mock).mockReturnValue(false);
     });
 
-    it.skip('returns empty jobs and false predicates', () => {
+    it('returns empty jobs and false predicates', () => {
       const { result } = renderHook(() => useSecurityJobs(false));
 
       expect(result.current.jobs).toEqual([]);

x-pack/plugins/security_solution/public/common/components/ml_popover/hooks/use_security_jobs_helpers.test.tsx

@@ -23,7 +23,7 @@ import {
 
 describe('useSecurityJobsHelpers', () => {
   describe('moduleToSecurityJob', () => {
-    test.skip('correctly converts module to SecurityJob', () => {
+    test('correctly converts module to SecurityJob', () => {
       const securityJob = moduleToSecurityJob(
         mockGetModuleResponse[0],
         mockGetModuleResponse[0].jobs[0],
@@ -47,56 +47,56 @@ describe('useSecurityJobsHelpers', () => {
         jobState: 'closed',
         jobTags: {},
         memory_status: '',
-        moduleId: 'siem_auditbeat',
+        moduleId: 'security_linux_v3',
         processed_record_count: 0,
       });
     });
 
     describe('getAugmentedFields', () => {
-      test.skip('return correct augmented fields for given matching compatible modules', () => {
-        const moduleJobs = getModuleJobs(mockGetModuleResponse, ['siem_auditbeat']);
+      test('return correct augmented fields for given matching compatible modules', () => {
+        const moduleJobs = getModuleJobs(mockGetModuleResponse, ['security_linux_v3']);
         const augmentedFields = getAugmentedFields('rare_process_by_host_linux', moduleJobs, [
-          'siem_auditbeat',
+          'security_linux_v3',
         ]);
         expect(augmentedFields).toEqual({
           defaultIndexPattern: 'auditbeat-*',
           isCompatible: true,
           isElasticJob: true,
-          moduleId: 'siem_auditbeat',
+          moduleId: 'security_linux_v3',
         });
       });
     });
 
     describe('getModuleJobs', () => {
-      test.skip('returns all jobs within a module for a compatible moduleId', () => {
-        const moduleJobs = getModuleJobs(mockGetModuleResponse, ['siem_auditbeat']);
+      test('returns all jobs within a module for a compatible moduleId', () => {
+        const moduleJobs = getModuleJobs(mockGetModuleResponse, ['security_linux_v3']);
         expect(moduleJobs.length).toEqual(3);
       });
     });
 
     describe('getInstalledJobs', () => {
-      test.skip('returns all jobs from jobSummary for a compatible moduleId', () => {
-        const moduleJobs = getModuleJobs(mockGetModuleResponse, ['siem_auditbeat']);
+      test('returns all jobs from jobSummary for a compatible moduleId', () => {
+        const moduleJobs = getModuleJobs(mockGetModuleResponse, ['security_linux_v3']);
         const installedJobs = getInstalledJobs(mockJobsSummaryResponse, moduleJobs, [
-          'siem_auditbeat',
+          'security_linux_v3',
         ]);
         expect(installedJobs.length).toEqual(3);
       });
     });
 
     describe('composeModuleAndInstalledJobs', () => {
-      test.skip('returns correct number of jobs when composing separate module and installed jobs', () => {
-        const moduleJobs = getModuleJobs(mockGetModuleResponse, ['siem_auditbeat']);
+      test('returns correct number of jobs when composing separate module and installed jobs', () => {
+        const moduleJobs = getModuleJobs(mockGetModuleResponse, ['security_linux_v3']);
         const installedJobs = getInstalledJobs(mockJobsSummaryResponse, moduleJobs, [
-          'siem_auditbeat',
+          'security_linux_v3',
         ]);
         const securityJobs = composeModuleAndInstalledJobs(installedJobs, moduleJobs);
         expect(securityJobs.length).toEqual(6);
       });
     });
 
     describe('createSecurityJobs', () => {
-      test.skip('returns correct number of jobs when creating jobs with successful responses', () => {
+      test('returns correct number of jobs when creating jobs with successful responses', () => {
         const securityJobs = createSecurityJobs(
           mockJobsSummaryResponse,
           mockGetModuleResponse,

x-pack/test/detection_engine_api_integration/security_and_spaces/group1/create_ml.ts

@@ -49,8 +49,8 @@ export default ({ getService }: FtrProviderContext) => {
   const es = getService('es');
   const log = getService('log');
 
-  const siemModule = 'siem_auditbeat';
-  const mlJobId = 'linux_anomalous_network_activity_ecs';
+  const siemModule = 'security_linux_v3';
+  const mlJobId = 'v3_linux_anomalous_network_activity';
   const testRule: MachineLearningCreateSchema = {
     name: 'Test ML rule',
     description: 'Test ML rule description',
@@ -93,7 +93,7 @@ export default ({ getService }: FtrProviderContext) => {
   }
 
   // FAILING ES PROMOTION: https://github.com/elastic/kibana/issues/125033
-  describe.skip('Generating signals from ml anomalies', () => {
+  describe('Generating signals from ml anomalies', () => {
     before(async () => {
       // Order is critical here: auditbeat data must be loaded before attempting to start the ML job,
       // as the job looks for certain indices on start
@@ -139,7 +139,7 @@ export default ({ getService }: FtrProviderContext) => {
         ],
         initial_record_score: 33.36147565024334,
         is_interim: false,
-        job_id: 'linux_anomalous_network_activity_ecs',
+        job_id: 'v3_linux_anomalous_network_activity',
         multi_bucket_impact: 0,
         probability: 0.007820139656036713,
         record_score: 33.36147565024334,
@@ -152,9 +152,9 @@ export default ({ getService }: FtrProviderContext) => {
         'event.kind': 'signal',
         [ALERT_ANCESTORS]: [
           {
-            id: 'linux_anomalous_network_activity_ecs_record_1586274300000_900_0_-96106189301704594950079884115725560577_5',
+            id: 'v3_linux_anomalous_network_activity_record_1586274300000_900_0_-96106189301704594950079884115725560577_5',
             type: 'event',
-            index: '.ml-anomalies-custom-linux_anomalous_network_activity_ecs',
+            index: '.ml-anomalies-custom-v3_linux_anomalous_network_activity',
             depth: 0,
           },
         ],
@@ -171,12 +171,15 @@ export default ({ getService }: FtrProviderContext) => {
           false_positives: [],
           from: '1900-01-01T00:00:00.000Z',
           immutable: false,
-          machine_learning_job_id: ['linux_anomalous_network_activity_ecs'],
+          machine_learning_job_id: ['v3_linux_anomalous_network_activity'],
           max_signals: 100,
           references: [],
+          related_integrations: [],
+          required_fields: [],
           risk_score: 50,
           risk_score_mapping: [],
           rule_id: createdRule.rule_id,
+          setup: '',
           severity: 'critical',
           severity_mapping: [],
           threat: [],
@@ -221,8 +224,8 @@ export default ({ getService }: FtrProviderContext) => {
         [ALERT_REASON]: `event with process store, by root on mothra created critical alert Test ML rule.`,
         [ALERT_ORIGINAL_TIME]: '2020-11-16T22:58:08.000Z',
         all_field_values: [
+          'v3_linux_anomalous_network_activity',
           'store',
-          'linux_anomalous_network_activity_ecs',
           'root',
           'store',
           'mothra',