Merge branch 'main' into backport/backport-1281-to-main
kavilla authored May 8, 2024
2 parents 050bab6 + f0ecd77 commit 6a48ecb
Showing 5 changed files with 33 additions and 27 deletions.
Expand Up @@ -16,7 +16,7 @@
}
],
"log_source": "",
"detection": "selection:\n EventID:\n - 2003\n - 2100\n - 2102\ncondition: selection",
"detection": "selection:\n winlog.event_id:\n - 2003\n - 2100\n - 2102\ncondition: selection",
"level": "high",
"false_positives": [
{
@@ -1,3 +1,3 @@
{
"EventID": 2003
"winlog.event_id": 2003
}
@@ -1,7 +1,7 @@
{
"mappings": {
"properties": {
"EventID": {
"winlog.event_id": {
"type": "integer"
},
"winlog.provider_name": {
Expand Up @@ -239,22 +239,20 @@ describe('Rules', () => {

it('...should validate rule name', () => {
getNameField().sa_containsHelperText(
'Rule name must contain 5-50 characters. Valid characters are a-z, A-Z, 0-9, hyphens, spaces, and underscores'
'Rule name can be max 256 characters.'
);

getNameField().should('be.empty');
getNameField().focus().blur();
getNameField().sa_containsError('Rule name is required');
getNameField().type('text').focus().blur();
getNameField().sa_containsError('Invalid rule name.');

getNameField()
.type('{selectall}')
.type('{backspace}')
.type('tex&')
.type('*$&*#(#*($*($')
.focus()
.blur();
getNameField().sa_containsError('Invalid rule name.');
.blur()
.sa_shouldNotHaveError();

getNameField()
.type('{selectall}')
Expand All @@ -266,17 +264,19 @@ describe('Rules', () => {
});

it('...should validate rule description field', () => {
const invalidDescriptionText = 'This is a invalid % description.';

getDescriptionField().should('be.empty');
getDescriptionField().type(invalidDescriptionText).focus().blur();

const invalidDescription = 'a'.repeat(65535);
getDescriptionField()
.focus()
.invoke('val', invalidDescription)
.type('b')
.blur();

getDescriptionField()
.parents('.euiFormRow__fieldWrapper')
.find('.euiFormErrorText')
.contains(
'Description should only consist of upper and lowercase letters, numbers 0-9, commas, hyphens, periods, spaces, and underscores. Max limit of 65,535 characters.'
);
.contains(`Description has max limit of 65,535 characters.`);

getDescriptionField()
.type('{selectall}')
Expand All @@ -303,20 +303,20 @@ describe('Rules', () => {

getAuthorField().should('be.empty');
getAuthorField().focus().blur();
getAuthorField().sa_containsError('Author name is required');

getAuthorField()
.type('{selectall}')
.type('{backspace}')
.type('tex%')
.focus()
.blur();
let invalidAuthor = '';

for (let i = 0; i < 256; i++) {
invalidAuthor += 'a';
}

getAuthorField().focus().invoke('val', invalidAuthor).type('b').blur();
getAuthorField().sa_containsError('Invalid author.');

getAuthorField()
.type('{selectall}')
.type('{backspace}')
.type('Rule name')
.type('Rule author (@)')
.focus()
.blur()
.sa_shouldNotHaveError();
Expand All @@ -330,7 +330,7 @@ describe('Rules', () => {
getLogTypeField().sa_selectComboboxItem(
getLogTypeLabel(SAMPLE_RULE.logType)
);
getLogTypeField().focus().blur().sa_shouldNotHaveError();
getLogTypeField().focus().click().blur().sa_shouldNotHaveError();
});

it('...should validate rule level field', () => {
Expand Down Expand Up @@ -470,7 +470,6 @@ describe('Rules', () => {

// author field
getAuthorField().sa_clearValue();
toastShouldExist();
getAuthorField().type('John Doe');

// log field
Expand Down Expand Up @@ -512,6 +511,7 @@ describe('Rules', () => {
getMapValueField().type('{selectall}').type('{backspace}')
);
toastShouldExist();

getSelectionPanelByIndex(0).within(() =>
getMapValueField().type('FieldValue')
);
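Review bot: The rule-name case has no visible rejection path other than the empty field: the helper text asserts a 256-character maximum, yet the lines shown only type `*$&*#(#*($*($` and expect no error. With the character restriction gone, the length cap is the remaining input control on this field, so it deserves the same over-limit check the description and author cases get, e.g. `getNameField().focus().invoke('val', 'a'.repeat(256)).type('b').blur();` followed by an assertion on the resulting error. The next `getNameField()` chain is collapsed on this page, so this may already be covered there. Because names and descriptions may now carry arbitrary punctuation, it is also worth confirming that the views displaying them render the stored value as plain text.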
Expand Up @@ -41,7 +41,7 @@ describe('Alerts', () => {
aliasMappings,
ruleSettings,
indexDoc,
4
docCount
);

// Wait for the detector to execute
Expand Down Expand Up @@ -265,7 +265,11 @@ describe('Alerts', () => {
// The EuiCodeEditor used for this component stores each line of the JSON in an array of elements;
// so this test formats the expected document into an array of strings,
// and matches each entry with the corresponding element line.
const document = JSON.stringify(JSON.parse('{"EventID": 2003}'), null, 2);
const document = JSON.stringify(
JSON.parse('{"winlog.event_id": 2003}'),
null,
2
);
const documentLines = document.split('\n');
cy.get('[data-test-subj="finding-details-flyout-rule-document"]')
.get('[class="euiCodeBlock__line"]')
Expand Down Expand Up @@ -350,6 +354,7 @@ describe('Alerts', () => {
.should('have.length', 2);

// Filter the table to show only "Active" alerts
cy.get('[data-text="Status"]');
cy.get('[class="euiFilterSelect__items"]').within(() => {
cy.contains('Acknowledged').click({ force: true });
cy.contains('Active').click({ force: true });
Expand Down Expand Up @@ -387,6 +392,7 @@ describe('Alerts', () => {
.should('have.length', 1);

// Filter the table to show only "Acknowledged" alerts
cy.get('[data-text="Status"]').click({ force: true });
cy.get('[class="euiFilterSelect__items"]').within(() => {
cy.contains('Active').click({ force: true });
cy.contains('Acknowledged').click({ force: true });
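Review bot: The added `cy.get('[data-text="Status"]');` in the "Active" filter block has nothing chained to it, so it only waits for the element to exist and does not open the filter popover, whereas the matching line in the "Acknowledged" block calls `.click({ force: true })`. If the popover is expected to still be open at that point, a short comment saying so would prevent the line from being read as a mistake; otherwise it should read `cy.get('[data-text="Status"]').click({ force: true });`. Both blocks belong to tests whose bodies extend beyond the visible hunks.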