elastic · xcrzx · Jun 8, 2022 · Jun 3, 2022
diff --git a/package.json b/package.json
@@ -887,6 +887,7 @@
     "eslint-plugin-react-hooks": "^4.2.0",
     "eslint-plugin-react-perf": "^3.3.0",
     "eslint-traverse": "^1.0.0",
+    "expect": "^28.1.1",
     "expose-loader": "^0.7.5",
     "faker": "^5.1.0",
     "fancy-log": "^1.3.2",

@@ -66,7 +66,7 @@ describe('Detection rules, machine learning', () => {
     visitWithoutDateRange(RULE_CREATION);
   });
 
-  it.skip('Creates and enables a new ml rule', () => {
+  it('Creates and enables a new ml rule', () => {
     selectMachineLearningRuleType();
     fillDefineMachineLearningRuleAndContinue(getMachineLearningRule());
     fillAboutRuleAndContinue(getMachineLearningRule());

@@ -321,7 +321,10 @@ export const getNewThresholdRule = (): ThresholdRule => ({
 });
 
 export const getMachineLearningRule = (): MachineLearningRule => ({
-  machineLearningJobs: ['linux_anomalous_network_service', 'linux_anomalous_network_activity_ecs'],
+  machineLearningJobs: [
+    'v3_linux_anomalous_process_all_hosts',
+    'v3_linux_anomalous_network_activity',
+  ],
   anomalyScoreThreshold: '20',
   name: 'New ML Rule Test',
   description: 'The new ML rule description.',

@@ -126,7 +126,7 @@ export const mockJobsSummaryResponse: MlSummaryJob[] = [
 
 export const mockGetModuleResponse: Module[] = [
   {
-    id: 'siem_auditbeat',
+    id: 'security_linux_v3',
     title: 'SIEM Auditbeat',
     description:
       'Detect suspicious network activity and unusual processes in Auditbeat data (beta)',
@@ -136,7 +136,7 @@ export const mockGetModuleResponse: Module[] = [
     query: { bool: { filter: [{ term: { 'agent.type': 'auditbeat' } }] } },
     jobs: [
       {
-        id: 'rare_process_by_host_linux_ecs',
+        id: 'rare_process_by_host_linux',
         config: {
           job_type: 'anomaly_detector',
           description: 'SIEM Auditbeat: Detect unusually rare processes on Linux (beta)',
@@ -203,7 +203,7 @@ export const mockGetModuleResponse: Module[] = [
     kibana: {},
   },
   {
-    id: 'siem_winlogbeat',
+    id: 'security_windows_v3',
     title: 'SIEM Winlogbeat',
     description: 'Detect unusual processes and network activity in Winlogbeat data (beta)',
     type: 'Winlogbeat data',
@@ -356,7 +356,7 @@ export const mockGetModuleResponse: Module[] = [
 
 export const checkRecognizerSuccess: RecognizerModule[] = [
   {
-    id: 'siem_auditbeat',
+    id: 'security_linux_v3',
     title: 'SIEM Auditbeat',
     query: { bool: { filter: [{ term: { 'agent.type': 'auditbeat' } }] } },
     description:
@@ -512,7 +512,7 @@ export const mockSecurityJobs: SecurityJob[] = [
     earliestTimestampMs: 1569812391387,
     latestResultsTimestampMs: 1571022900000,
     isSingleMetricViewerJob: true,
-    moduleId: 'siem_auditbeat',
+    moduleId: 'security_linux_v3',
     defaultIndexPattern: 'auditbeat-*',
     isCompatible: true,
     isInstalled: true,
@@ -533,7 +533,7 @@ export const mockSecurityJobs: SecurityJob[] = [
     datafeedIndices: ['auditbeat-*'],
     datafeedState: 'stopped',
     isSingleMetricViewerJob: true,
-    moduleId: 'siem_auditbeat',
+    moduleId: 'security_linux_v3',
     defaultIndexPattern: 'auditbeat-*',
     isCompatible: true,
     isInstalled: true,
@@ -555,7 +555,7 @@ export const mockSecurityJobs: SecurityJob[] = [
     description: 'SIEM Winlogbeat: Detect unusually rare processes on Windows (beta)',
     groups: ['process', 'siem', 'winlogbeat'],
     defaultIndexPattern: 'winlogbeat-*',
-    moduleId: 'siem_winlogbeat',
+    moduleId: 'security_windows_v3',
     isCompatible: false,
     isInstalled: false,
     isElasticJob: true,

@@ -46,7 +46,7 @@ describe('useSecurityJobs', () => {
       (checkRecognizer as jest.Mock).mockResolvedValue(checkRecognizerSuccess);
     });
 
-    it.skip('combines multiple ML calls into an array of SecurityJobs', async () => {
+    it('combines multiple ML calls into an array of SecurityJobs', async () => {
       const expectedSecurityJob: SecurityJob = {
         datafeedId: 'datafeed-siem-api-rare_process_linux_ecs',
         datafeedIndices: ['auditbeat-*'],
@@ -78,15 +78,15 @@ describe('useSecurityJobs', () => {
       expect(result.current.jobs).toEqual(expect.arrayContaining([expectedSecurityJob]));
     });
 
-    it.skip('returns those permissions', async () => {
+    it('returns those permissions', async () => {
       const { result, waitForNextUpdate } = renderHook(() => useSecurityJobs(false));
       await waitForNextUpdate();
 
       expect(result.current.isMlAdmin).toEqual(true);
       expect(result.current.isLicensed).toEqual(true);
     });
 
-    it.skip('renders a toast error if an ML call fails', async () => {
+    it('renders a toast error if an ML call fails', async () => {
       (getModules as jest.Mock).mockRejectedValue('whoops');
       const { waitForNextUpdate } = renderHook(() => useSecurityJobs(false));
       await waitForNextUpdate();
@@ -103,7 +103,7 @@ describe('useSecurityJobs', () => {
       (hasMlLicense as jest.Mock).mockReturnValue(false);
     });
 
-    it.skip('returns empty jobs and false predicates', () => {
+    it('returns empty jobs and false predicates', () => {
       const { result } = renderHook(() => useSecurityJobs(false));
 
       expect(result.current.jobs).toEqual([]);

@@ -23,7 +23,7 @@ import {
 
 describe('useSecurityJobsHelpers', () => {
   describe('moduleToSecurityJob', () => {
-    test.skip('correctly converts module to SecurityJob', () => {
+    test('correctly converts module to SecurityJob', () => {
       const securityJob = moduleToSecurityJob(
         mockGetModuleResponse[0],
         mockGetModuleResponse[0].jobs[0],
@@ -47,56 +47,56 @@ describe('useSecurityJobsHelpers', () => {
         jobState: 'closed',
         jobTags: {},
         memory_status: '',
-        moduleId: 'siem_auditbeat',
+        moduleId: 'security_linux_v3',
         processed_record_count: 0,
       });
     });
 
     describe('getAugmentedFields', () => {
-      test.skip('return correct augmented fields for given matching compatible modules', () => {
-        const moduleJobs = getModuleJobs(mockGetModuleResponse, ['siem_auditbeat']);
+      test('return correct augmented fields for given matching compatible modules', () => {
+        const moduleJobs = getModuleJobs(mockGetModuleResponse, ['security_linux_v3']);
         const augmentedFields = getAugmentedFields('rare_process_by_host_linux', moduleJobs, [
-          'siem_auditbeat',
+          'security_linux_v3',
         ]);
         expect(augmentedFields).toEqual({
           defaultIndexPattern: 'auditbeat-*',
           isCompatible: true,
           isElasticJob: true,
-          moduleId: 'siem_auditbeat',
+          moduleId: 'security_linux_v3',
         });
       });
     });
 
     describe('getModuleJobs', () => {
-      test.skip('returns all jobs within a module for a compatible moduleId', () => {
-        const moduleJobs = getModuleJobs(mockGetModuleResponse, ['siem_auditbeat']);
+      test('returns all jobs within a module for a compatible moduleId', () => {
+        const moduleJobs = getModuleJobs(mockGetModuleResponse, ['security_linux_v3']);
         expect(moduleJobs.length).toEqual(3);
       });
     });
 
     describe('getInstalledJobs', () => {
-      test.skip('returns all jobs from jobSummary for a compatible moduleId', () => {
-        const moduleJobs = getModuleJobs(mockGetModuleResponse, ['siem_auditbeat']);
+      test('returns all jobs from jobSummary for a compatible moduleId', () => {
+        const moduleJobs = getModuleJobs(mockGetModuleResponse, ['security_linux_v3']);
         const installedJobs = getInstalledJobs(mockJobsSummaryResponse, moduleJobs, [
-          'siem_auditbeat',
+          'security_linux_v3',
         ]);
         expect(installedJobs.length).toEqual(3);
       });
     });
 
     describe('composeModuleAndInstalledJobs', () => {
-      test.skip('returns correct number of jobs when composing separate module and installed jobs', () => {
-        const moduleJobs = getModuleJobs(mockGetModuleResponse, ['siem_auditbeat']);
+      test('returns correct number of jobs when composing separate module and installed jobs', () => {
+        const moduleJobs = getModuleJobs(mockGetModuleResponse, ['security_linux_v3']);
         const installedJobs = getInstalledJobs(mockJobsSummaryResponse, moduleJobs, [
-          'siem_auditbeat',
+          'security_linux_v3',
         ]);
         const securityJobs = composeModuleAndInstalledJobs(installedJobs, moduleJobs);
         expect(securityJobs.length).toEqual(6);
       });
     });
 
     describe('createSecurityJobs', () => {
-      test.skip('returns correct number of jobs when creating jobs with successful responses', () => {
+      test('returns correct number of jobs when creating jobs with successful responses', () => {
         const securityJobs = createSecurityJobs(
           mockJobsSummaryResponse,
           mockGetModuleResponse,