
[Security Solution] Tests for prebuilt rule import/export workflow #202079

Open
@banderror

Description

Epics: https://github.com/elastic/security-team/issues/1974 (internal), #174168

Summary

Write test plans (one or a few) and create a comprehensive suite of automated tests for the workflow of exporting and importing prebuilt rules.

Please note that test plans for prebuilt rule export and import have already been written in #191116, and there is already test coverage for that. What I would like us to do is to review the existing plans, the tests, compare them with the cases described in the RFC, think about any other edge cases, audit the existing plans and coverage, and add anything that's missing.

Features to cover:

  • Export
    • Exporting custom, prebuilt customized, and prebuilt non-customized rules
    • Exporting from the Rule Details page
    • Exporting from the Rule Management page (single and bulk export)
  • Import
    • Importing custom, prebuilt customized, and prebuilt non-customized rules
    • Importing from the Rule Management page
    • Importing when prebuilt rules are not installed yet
    • Importing when prebuilt rules are already installed
    • Importing current versions, older versions, newer versions, non-existing versions (edge cases)
    • Importing rules with known and unknown rule_id's (edge cases)
    • Converting custom rules to prebuilt rules on upgrade (edge case)

Please cover both the features under the feature flag turned ON and OFF.

Related tickets

Related functional tickets to cover with tests:

Related bugs to cover with tests:

Related PRs

Test plans for diff algorithms

  1. Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp backport:skip release_note:skip test-plan v8.15.0
    dplumlee
  2. Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp release_note:skip test-plan v8.15.0 v8.16.0
    dplumlee
  3. Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp backport:skip release_note:skip test-plan v8.16.0
    dplumlee
  4. Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp backport:skip release_note:skip test-plan v8.16.0
    dplumlee
  5. Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp release_note:skip test-plan v8.16.0 v9.0.0
    dplumlee
  6. Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp backport:prev-minor release_note:skip test-plan v8.16.0 v9.0.0
    dplumlee

Test plans for prebuilt rule import/export workflow

  1. Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp backport:version release_note:skip test-plan v8.17.0 v9.0.0
    rylnd
  2. Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp backport:version release_note:skip test-plan v8.18.0 v9.0.0
    dplumlee

Test coverage for prebuilt rule import/export workflow

  1. Feature:Prebuilt Detection Rules Team: SecuritySolution Team:Detection Rule Management Team:Detections and Resp backport:version release_note:skip test v8.18.0 v8.19.0 v9.0.0 v9.1.0
    dplumlee
