[SIEM] View signal in default timeline (#62616)

* adds test data

* adds 'View a signal in timeline' test

* implements test

* fixes implementation

* changes view signal for investigate signal

Author: MadameSheema

x-pack/legacy/plugins/siem/cypress/integration/detections_timeline.spec.ts

@@ -0,0 +1,43 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { SIGNAL_ID } from '../screens/detections';
+import { PROVIDER_BADGE } from '../screens/timeline';
+
+import {
+  expandFirstSignal,
+  investigateFirstSignalInTimeline,
+  waitForSignalsPanelToBeLoaded,
+} from '../tasks/detections';
+import { esArchiverLoad, esArchiverUnload } from '../tasks/es_archiver';
+import { loginAndWaitForPage } from '../tasks/login';
+
+import { DETECTIONS } from '../urls/navigation';
+
+describe('Detections timeline', () => {
+  beforeEach(() => {
+    esArchiverLoad('timeline_signals');
+    loginAndWaitForPage(DETECTIONS);
+  });
+
+  afterEach(() => {
+    esArchiverUnload('timeline_signals');
+  });
+
+  it('Investigate signal in default timeline', () => {
+    waitForSignalsPanelToBeLoaded();
+    expandFirstSignal();
+    cy.get(SIGNAL_ID)
+      .first()
+      .invoke('text')
+      .then(eventId => {
+        investigateFirstSignalInTimeline();
+        cy.get(PROVIDER_BADGE)
+          .invoke('text')
+          .should('eql', `_id: "${eventId}"`);
+      });
+  });
+});

x-pack/legacy/plugins/siem/cypress/objects/timeline.ts

@@ -0,0 +1,10 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+interface Timeline {
+  title: string;
+  query: string;
+}

x-pack/legacy/plugins/siem/cypress/screens/detections.ts

@@ -6,6 +6,8 @@
 
 export const CLOSED_SIGNALS_BTN = '[data-test-subj="closedSignals"]';
 
+export const EXPAND_SIGNAL_BTN = '[data-test-subj="expand-event"]';
+
 export const LOADING_SIGNALS_PANEL = '[data-test-subj="loading-signals-panel"]';
 
 export const MANAGE_SIGNAL_DETECTION_RULES_BTN = '[data-test-subj="manage-signal-detection-rules"]';
@@ -20,8 +22,12 @@ export const OPENED_SIGNALS_BTN = '[data-test-subj="openSignals"]';
 
 export const SELECTED_SIGNALS = '[data-test-subj="selectedSignals"]';
 
+export const SEND_SIGNAL_TO_TIMELINE_BTN = '[data-test-subj="send-signal-to-timeline-button"]';
+
 export const SHOWING_SIGNALS = '[data-test-subj="showingSignals"]';
 
 export const SIGNALS = '[data-test-subj="event"]';
 
+export const SIGNAL_ID = '[data-test-subj="draggable-content-_id"]';
+
 export const SIGNAL_CHECKBOX = '[data-test-subj="select-event-container"] .euiCheckbox__input';

x-pack/legacy/plugins/siem/cypress/screens/timeline.ts

@@ -14,6 +14,8 @@ export const ID_FIELD = '[data-test-subj="timeline"] [data-test-subj="field-name
 
 export const ID_TOGGLE_FIELD = '[data-test-subj="toggle-field-_id"]';
 
+export const PROVIDER_BADGE = '[data-test-subj="providerBadge"]';
+
 export const SEARCH_OR_FILTER_CONTAINER =
   '[data-test-subj="timeline-search-or-filter-search-container"]';
 

x-pack/legacy/plugins/siem/cypress/tasks/detections.ts

@@ -6,11 +6,13 @@
 
 import {
   CLOSED_SIGNALS_BTN,
+  EXPAND_SIGNAL_BTN,
   LOADING_SIGNALS_PANEL,
   MANAGE_SIGNAL_DETECTION_RULES_BTN,
   OPEN_CLOSE_SIGNAL_BTN,
   OPEN_CLOSE_SIGNALS_BTN,
   OPENED_SIGNALS_BTN,
+  SEND_SIGNAL_TO_TIMELINE_BTN,
   SIGNALS,
   SIGNAL_CHECKBOX,
 } from '../screens/detections';
@@ -26,6 +28,12 @@ export const closeSignals = () => {
   cy.get(OPEN_CLOSE_SIGNALS_BTN).click({ force: true });
 };
 
+export const expandFirstSignal = () => {
+  cy.get(EXPAND_SIGNAL_BTN)
+    .first()
+    .click({ force: true });
+};
+
 export const goToClosedSignals = () => {
   cy.get(CLOSED_SIGNALS_BTN).click({ force: true });
 };
@@ -58,6 +66,12 @@ export const selectNumberOfSignals = (numberOfSignals: number) => {
   }
 };
 
+export const investigateFirstSignalInTimeline = () => {
+  cy.get(SEND_SIGNAL_TO_TIMELINE_BTN)
+    .first()
+    .click({ force: true });
+};
+
 export const waitForSignals = () => {
   cy.get(REFRESH_BUTTON)
     .invoke('text')