[Security Solution] Add cypress test to EA and D&R search bar query (#157149)

## Summary

Add cypress tests for EA and D&R search bar query.


### Checklist


- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

---------

Co-authored-by: Angela Chuang <6295984+angorayc@users.noreply.github.com>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>

Author: 3 people

x-pack/plugins/security_solution/cypress/e2e/dashboards/detection_response.cy.ts

@@ -13,6 +13,7 @@ import {
 } from '../../screens/common/filter_group';
 
 import {
+  ALERTS_DONUT_CHART,
   HOST_TABLE_HOST_NAME_BTN,
   HOST_TABLE_ROW_SEV,
   HOST_TABLE_ROW_TOTAL_ALERTS,
@@ -31,17 +32,63 @@ import { cleanKibana } from '../../tasks/common';
 import { investigateDashboardItemInTimeline } from '../../tasks/dashboards/common';
 import { waitToNavigateAwayFrom } from '../../tasks/kibana_navigation';
 import { login, visit } from '../../tasks/login';
-import { navigateFromHeaderTo } from '../../tasks/security_header';
+import { clearSearchBar, kqlSearch, navigateFromHeaderTo } from '../../tasks/security_header';
 import { closeTimeline } from '../../tasks/timeline';
 import { ALERTS_URL, DASHBOARDS_URL, DETECTIONS_RESPONSE_URL } from '../../urls/navigation';
 
+const TEST_USER_NAME = 'test';
+const SIEM_KIBANA_HOST_NAME = 'siem-kibana';
+
 describe('Detection response view', () => {
   before(() => {
     cleanKibana();
     login();
     createRule(getNewRule());
     visit(DETECTIONS_RESPONSE_URL);
   });
+
+  context('KQL search bar', { testIsolation: false }, () => {
+    it(`filters out hosts with KQL search bar query`, () => {
+      kqlSearch(`host.name : fakeHostName{enter}`);
+
+      cy.get(HOST_TABLE_ROW_TOTAL_ALERTS).should('have.length', 0);
+      cy.get(RULE_TABLE_ROW_TOTAL_ALERTS).should('have.length', 0);
+      cy.get(ALERTS_DONUT_CHART).first().should('have.text', 'Open');
+
+      clearSearchBar();
+    });
+
+    it(`finds the host when filtering with KQL search bar query`, () => {
+      kqlSearch(`host.name : ${SIEM_KIBANA_HOST_NAME}{enter}`);
+
+      cy.get(HOST_TABLE_ROW_TOTAL_ALERTS).should('have.length', 1);
+      cy.get(RULE_TABLE_ROW_TOTAL_ALERTS).should('have.text', 2);
+      cy.get(ALERTS_DONUT_CHART).first().should('include.text', '2Open');
+
+      clearSearchBar();
+    });
+
+    it(`filters out the users with KQL search bar query`, () => {
+      kqlSearch(`user.name : fakeUserName{enter}`);
+
+      cy.get(USER_TABLE_ROW_TOTAL_ALERTS).should('have.length', 0);
+      cy.get(RULE_TABLE_ROW_TOTAL_ALERTS).should('have.length', 0);
+      cy.get(ALERTS_DONUT_CHART).first().should('have.text', 'Open');
+
+      clearSearchBar();
+    });
+
+    it(`finds the user when filtering with KQL search bar query`, () => {
+      kqlSearch(`user.name : ${TEST_USER_NAME}{enter}`);
+
+      cy.get(USER_TABLE_ROW_TOTAL_ALERTS).should('have.length', 1);
+      cy.get(RULE_TABLE_ROW_TOTAL_ALERTS).should('have.text', 2);
+      cy.get(ALERTS_DONUT_CHART).first().should('include.text', '2Open');
+
+      clearSearchBar();
+    });
+  });
+
   context('Open in timeline', { testIsolation: false }, () => {
     afterEach(() => {
       closeTimeline();
@@ -67,6 +114,7 @@ describe('Detection response view', () => {
             });
         });
     });
+
     it(`opens timeline with correct query count for users by alert severity table`, () => {
       cy.get(USER_TABLE_ROW_TOTAL_ALERTS)
         .first()

x-pack/plugins/security_solution/cypress/e2e/dashboards/entity_analytics.cy.ts

@@ -33,18 +33,21 @@ import {
   ANOMALIES_TABLE_ENABLE_JOB_LOADER,
   ANOMALIES_TABLE_COUNT_COLUMN,
 } from '../../screens/entity_analytics';
-import { openRiskTableFilterAndSelectTheLowOption } from '../../tasks/host_risk';
+import { openRiskTableFilterAndSelectTheLowOption, removeLowFilter } from '../../tasks/host_risk';
 import { createRule } from '../../tasks/api_calls/rules';
 import { waitForAlertsToPopulate } from '../../tasks/create_new_rule';
 import { getNewRule } from '../../objects/rule';
 import { clickOnFirstHostsAlerts, clickOnFirstUsersAlerts } from '../../tasks/risk_scores';
 import { OPTION_LIST_LABELS, OPTION_LIST_VALUES } from '../../screens/common/filter_group';
 import { setRowsPerPageTo } from '../../tasks/table_pagination';
+import { clearSearchBar, kqlSearch } from '../../tasks/security_header';
+import { setEndDate, setEndDateNow, updateDates } from '../../tasks/date_picker';
 
 const TEST_USER_ALERTS = 2;
 const TEST_USER_NAME = 'test';
 const SIEM_KIBANA_HOST_ALERTS = 2;
 const SIEM_KIBANA_HOST_NAME = 'siem-kibana';
+const END_DATE = 'Jan 19, 2019 @ 20:33:29.186';
 
 describe('Entity Analytics Dashboard', () => {
   before(() => {
@@ -145,6 +148,17 @@ describe('Entity Analytics Dashboard', () => {
 
       cy.get(HOSTS_DONUT_CHART).should('include.text', '1Total');
       cy.get(HOSTS_TABLE_ROWS).should('have.length', 1);
+
+      removeLowFilter();
+    });
+
+    it('filters the host risk table with KQL search bar query', () => {
+      kqlSearch(`host.name : ${SIEM_KIBANA_HOST_NAME}{enter}`);
+
+      cy.get(HOSTS_DONUT_CHART).should('include.text', '1Total');
+      cy.get(HOSTS_TABLE_ROWS).should('have.length', 1);
+
+      clearSearchBar();
     });
 
     describe('With alerts data', () => {
@@ -166,6 +180,17 @@ describe('Entity Analytics Dashboard', () => {
         cy.get(HOSTS_TABLE_ALERT_CELL).first().should('include.text', SIEM_KIBANA_HOST_ALERTS);
       });
 
+      it('filters the alerts count with time range', () => {
+        setEndDate(END_DATE);
+        updateDates();
+
+        cy.get(HOSTS_TABLE_ALERT_CELL).first().should('include.text', 0);
+
+        // CLEAR DATES
+        setEndDateNow();
+        updateDates();
+      });
+
       it('opens alerts page when alerts count is clicked', () => {
         clickOnFirstHostsAlerts();
         cy.url().should('include', ALERTS_URL);
@@ -209,6 +234,17 @@ describe('Entity Analytics Dashboard', () => {
 
       cy.get(USERS_DONUT_CHART).should('include.text', '2Total');
       cy.get(USERS_TABLE_ROWS).should('have.length', 2);
+
+      removeLowFilter();
+    });
+
+    it('filters the host risk table with KQL search bar query', () => {
+      kqlSearch(`user.name : ${TEST_USER_NAME}{enter}`);
+
+      cy.get(USERS_DONUT_CHART).should('include.text', '1Total');
+      cy.get(USERS_TABLE_ROWS).should('have.length', 1);
+
+      clearSearchBar();
     });
 
     describe('With alerts data', () => {
@@ -230,6 +266,17 @@ describe('Entity Analytics Dashboard', () => {
         cy.get(USERS_TABLE_ALERT_CELL).first().should('include.text', TEST_USER_ALERTS);
       });
 
+      it('filters the alerts count with time range', () => {
+        setEndDate(END_DATE);
+        updateDates();
+
+        cy.get(USERS_TABLE_ALERT_CELL).first().should('include.text', 0);
+
+        // CLEAR DATES
+        setEndDateNow();
+        updateDates();
+      });
+
       it('opens alerts page when alerts count is clicked', () => {
         clickOnFirstUsersAlerts();
 

x-pack/plugins/security_solution/cypress/screens/date_picker.ts

@@ -15,6 +15,10 @@ export const DATE_PICKER_APPLY_BUTTON_TIMELINE =
 
 export const DATE_PICKER_ABSOLUTE_TAB = '[data-test-subj="superDatePickerAbsoluteTab"]';
 
+export const DATE_PICKER_NOW_TAB = '[data-test-subj="superDatePickerNowTab"]';
+
+export const DATE_PICKER_NOW_BUTTON = '[data-test-subj="superDatePickerNowButton"]';
+
 export const DATE_PICKER_END_DATE_POPOVER_BUTTON =
   '[data-test-subj="globalDatePicker"] [data-test-subj="superDatePickerendDatePopoverButton"]';
 

x-pack/plugins/security_solution/cypress/screens/detection_response.ts

@@ -39,3 +39,6 @@ export const RULE_TABLE_VIEW_ALL_OPEN_ALERTS_BTN = getDataTestSubjectSelector(
 export const RULE_TABLE_ROW_RULE_NAME_BTN = getDataTestSubjectSelector(
   'severityRuleAlertsTable-name'
 );
+
+export const ALERTS_DONUT_CHART =
+  '[data-test-subj="detection-response-alerts-by-status-panel"] [data-test-subj="donut-chart"]';

x-pack/plugins/security_solution/cypress/tasks/date_picker.ts

@@ -17,6 +17,8 @@ import {
   SHOW_DATES_BUTTON,
   DATE_PICKER_START_DATE_POPOVER_BUTTON_TIMELINE,
   DATE_PICKER_SHOW_DATE_POPOVER_BUTTON,
+  DATE_PICKER_NOW_TAB,
+  DATE_PICKER_NOW_BUTTON,
 } from '../screens/date_picker';
 
 export const setEndDate = (date: string) => {
@@ -27,6 +29,14 @@ export const setEndDate = (date: string) => {
   cy.get(DATE_PICKER_ABSOLUTE_INPUT).click().clear().type(date);
 };
 
+export const setEndDateNow = () => {
+  cy.get(DATE_PICKER_END_DATE_POPOVER_BUTTON).click({ force: true });
+
+  cy.get(DATE_PICKER_NOW_TAB).first().click({ force: true });
+
+  cy.get(DATE_PICKER_NOW_BUTTON).click();
+};
+
 export const setStartDate = (date: string) => {
   cy.get(GLOBAL_FILTERS_CONTAINER);
   cy.get('.euiSuperDatePicker');

x-pack/plugins/security_solution/cypress/tasks/host_risk.ts

@@ -30,6 +30,10 @@ export const openRiskTableFilterAndSelectTheLowOption = () => {
   cy.get(HOST_BY_RISK_TABLE_FILTER_LOW).click();
 };
 
+export const removeLowFilter = () => {
+  cy.get(HOST_BY_RISK_TABLE_FILTER_LOW).click();
+};
+
 export const removeCriticalFilter = () => {
   cy.get(HOST_BY_RISK_TABLE_FILTER_CRITICAL).click();
 };