
Commit 21962bb

[Security Solution] Add unit tests for histograms (#77081)
* init tests * add unit tests for histograms * fix types Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
1 parent da14406 commit 21962bb

20 files changed

Lines changed: 4369 additions & 0 deletions


x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/hosts/details/__mocks__/index.ts

Lines changed: 2232 additions & 0 deletions
Large diffs are not rendered by default.
Lines changed: 35 additions & 0 deletions
@@ -0,0 +1,35 @@
1+
/*
2+
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
3+
* or more contributor license agreements. Licensed under the Elastic License;
4+
* you may not use this file except in compliance with the Elastic License.
5+
*/
6+
7+
import * as buildQuery from './query.host_details.dsl';
8+
import { hostDetails } from '.';
9+
import {
10+
mockOptions,
11+
mockSearchStrategyResponse,
12+
formattedSearchStrategyResponse,
13+
} from './__mocks__';
14+
15+
describe('hostDetails search strategy', () => {
16+
const buildHostDetailsQuery = jest.spyOn(buildQuery, 'buildHostDetailsQuery');
17+
18+
afterEach(() => {
19+
buildHostDetailsQuery.mockClear();
20+
});
21+
22+
describe('buildDsl', () => {
23+
test('should build dsl query', () => {
24+
hostDetails.buildDsl(mockOptions);
25+
expect(buildHostDetailsQuery).toHaveBeenCalledWith(mockOptions);
26+
});
27+
});
28+
29+
describe('parse', () => {
30+
test('should parse data correctly', async () => {
31+
const result = await hostDetails.parse(mockOptions, mockSearchStrategyResponse);
32+
expect(result).toMatchObject(formattedSearchStrategyResponse);
33+
});
34+
});
35+
});
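Review bot: The `parse` test asserts with `toMatchObject`, which is a subset match, so it still passes if `hostDetails.parse` returns properties that `formattedSearchStrategyResponse` does not list. The fixture lives in the `__mocks__` file that is not rendered on this page, so whether it is meant to be complete cannot be checked here; if it is, `expect(result).toEqual(formattedSearchStrategyResponse);` would also catch unexpected extra fields in the strategy's output. The spy created with `jest.spyOn` is cleared in `afterEach` but never restored; `afterAll(() => buildHostDetailsQuery.mockRestore());` would make the cleanup explicit.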
@@ -0,0 +1,13 @@
1+
/*
2+
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
3+
* or more contributor license agreements. Licensed under the Elastic License;
4+
* you may not use this file except in compliance with the Elastic License.
5+
*/
6+
import { buildHostDetailsQuery as buildQuery } from './query.host_details.dsl';
7+
import { mockOptions, expectedDsl } from './__mocks__/';
8+
9+
describe('buildQuery', () => {
10+
test('build query from options correctly', () => {
11+
expect(buildQuery(mockOptions)).toEqual(expectedDsl);
12+
});
13+
});

x-pack/plugins/security_solution/server/search_strategy/security_solution/factory/matrix_histogram/__mocks__/index.ts

Lines changed: 1305 additions & 0 deletions
Large diffs are not rendered by default.
@@ -0,0 +1,87 @@
1+
/*
2+
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
3+
* or more contributor license agreements. Licensed under the Elastic License;
4+
* you may not use this file except in compliance with the Elastic License.
5+
*/
6+
7+
import { MatrixHistogramType } from '../../../../../../../common/search_strategy';
8+
9+
export const mockOptions = {
10+
defaultIndex: [
11+
'apm-*-transaction*',
12+
'auditbeat-*',
13+
'endgame-*',
14+
'filebeat-*',
15+
'logs-*',
16+
'packetbeat-*',
17+
'winlogbeat-*',
18+
],
19+
filterQuery:
20+
'{"bool":{"must":[],"filter":[{"match_all":{}},{"bool":{"filter":[{"bool":{"should":[{"exists":{"field":"host.name"}}],"minimum_should_match":1}}]}}],"should":[],"must_not":[]}}',
21+
histogramType: MatrixHistogramType.alerts,
22+
timerange: { interval: '12h', from: '2020-09-08T14:23:04.482Z', to: '2020-09-09T14:23:04.482Z' },
23+
stackByField: 'event.module',
24+
};
25+
26+
export const expectedDsl = {
27+
index: [
28+
'apm-*-transaction*',
29+
'auditbeat-*',
30+
'endgame-*',
31+
'filebeat-*',
32+
'logs-*',
33+
'packetbeat-*',
34+
'winlogbeat-*',
35+
],
36+
allowNoIndices: true,
37+
ignoreUnavailable: true,
38+
body: {
39+
aggregations: {
40+
alertsGroup: {
41+
terms: {
42+
field: 'event.module',
43+
missing: 'All others',
44+
order: { _count: 'desc' },
45+
size: 10,
46+
},
47+
aggs: {
48+
alerts: {
49+
date_histogram: {
50+
field: '@timestamp',
51+
fixed_interval: '2700000ms',
52+
min_doc_count: 0,
53+
extended_bounds: { min: 1599574984482, max: 1599661384482 },
54+
},
55+
},
56+
},
57+
},
58+
},
59+
query: {
60+
bool: {
61+
filter: [
62+
'{"bool":{"must":[],"filter":[{"match_all":{}},{"bool":{"filter":[{"bool":{"should":[{"exists":{"field":"host.name"}}],"minimum_should_match":1}}]}}],"should":[],"must_not":[]}}',
63+
{
64+
bool: {
65+
filter: [
66+
{
67+
bool: { should: [{ match: { 'event.kind': 'alert' } }], minimum_should_match: 1 },
68+
},
69+
],
70+
},
71+
},
72+
{
73+
range: {
74+
'@timestamp': {
75+
gte: '2020-09-08T14:23:04.482Z',
76+
lte: '2020-09-09T14:23:04.482Z',
77+
format: 'strict_date_optional_time',
78+
},
79+
},
80+
},
81+
],
82+
},
83+
},
84+
size: 0,
85+
track_total_hits: true,
86+
},
87+
};
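Review bot: The first element of `expectedDsl.body.query.bool.filter` is the raw JSON string from `mockOptions.filterQuery`, not a parsed clause object, so this fixture pins whatever the builder does with an unparsed, caller-supplied string. The builder is not shown on this page; if it really forwards the string unchanged, a comment stating where `filterQuery` is parsed and validated would help the next reader, e.g. `// filterQuery is forwarded unparsed; parsing/validation happens in <location>`. The literal is also duplicated between the two objects; writing the expected element as `mockOptions.filterQuery` would keep them in sync. The anomalies fixture later in this commit follows the same pattern.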
Lines changed: 22 additions & 0 deletions
@@ -0,0 +1,22 @@
1+
/*
2+
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
3+
* or more contributor license agreements. Licensed under the Elastic License;
4+
* you may not use this file except in compliance with the Elastic License.
5+
*/
6+
7+
import { alertsMatrixHistogramConfig } from '.';
8+
import { buildAlertsHistogramQuery } from './query.alerts_histogram.dsl';
9+
10+
jest.mock('./query.alerts_histogram.dsl', () => ({
11+
buildAlertsHistogramQuery: jest.fn(),
12+
}));
13+
14+
describe('alertsMatrixHistogramConfig', () => {
15+
test('should export alertsMatrixHistogramConfig corrrectly', () => {
16+
expect(alertsMatrixHistogramConfig).toEqual({
17+
aggName: 'aggregations.alertsGroup.buckets',
18+
parseKey: 'alerts.buckets',
19+
buildDsl: buildAlertsHistogramQuery,
20+
});
21+
});
22+
});
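Review bot: The test title misspells "correctly" as "corrrectly" in the `test(...)` call; the anomalies config test later in this commit has the same typo. Because `./query.alerts_histogram.dsl` is replaced by `jest.fn()` through `jest.mock`, the `buildDsl` entry in the `toEqual` is only compared by reference to the mocked export, so a short comment such as `// buildDsl is the mocked export; this only checks the config wiring` would make the intent clear.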
@@ -0,0 +1,13 @@
1+
/*
2+
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
3+
* or more contributor license agreements. Licensed under the Elastic License;
4+
* you may not use this file except in compliance with the Elastic License.
5+
*/
6+
import { buildAlertsHistogramQuery } from './query.alerts_histogram.dsl';
7+
import { mockOptions, expectedDsl } from './__mocks__/';
8+
9+
describe('buildAlertsHistogramQuery', () => {
10+
test('build query from options correctly', () => {
11+
expect(buildAlertsHistogramQuery(mockOptions)).toEqual(expectedDsl);
12+
});
13+
});
@@ -0,0 +1,73 @@
1+
/*
2+
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
3+
* or more contributor license agreements. Licensed under the Elastic License;
4+
* you may not use this file except in compliance with the Elastic License.
5+
*/
6+
7+
import { MatrixHistogramType } from '../../../../../../../common/search_strategy';
8+
9+
export const mockOptions = {
10+
defaultIndex: [
11+
'apm-*-transaction*',
12+
'auditbeat-*',
13+
'endgame-*',
14+
'filebeat-*',
15+
'logs-*',
16+
'packetbeat-*',
17+
'winlogbeat-*',
18+
],
19+
filterQuery:
20+
'{"bool":{"must":[],"filter":[{"match_all":{}},{"bool":{"should":[],"minimum_should_match":1}},{"match_phrase":{"result_type":"record"}},null,{"range":{"record_score":{"gte":50}}}],"should":[{"exists":{"field":"source.ip"}},{"exists":{"field":"destination.ip"}}],"must_not":[],"minimum_should_match":1}}',
21+
histogramType: MatrixHistogramType.anomalies,
22+
timerange: { interval: '12h', from: '2020-09-08T15:14:35.566Z', to: '2020-09-09T15:14:35.566Z' },
23+
stackByField: 'job_id',
24+
};
25+
26+
export const expectedDsl = {
27+
index: [
28+
'apm-*-transaction*',
29+
'auditbeat-*',
30+
'endgame-*',
31+
'filebeat-*',
32+
'logs-*',
33+
'packetbeat-*',
34+
'winlogbeat-*',
35+
],
36+
allowNoIndices: true,
37+
ignoreUnavailable: true,
38+
body: {
39+
aggs: {
40+
anomalyActionGroup: {
41+
terms: { field: 'job_id', order: { _count: 'desc' }, size: 10 },
42+
aggs: {
43+
anomalies: {
44+
date_histogram: {
45+
field: 'timestamp',
46+
fixed_interval: '2700000ms',
47+
min_doc_count: 0,
48+
extended_bounds: { min: 1599578075566, max: 1599664475566 },
49+
},
50+
},
51+
},
52+
},
53+
},
54+
query: {
55+
bool: {
56+
filter: [
57+
'{"bool":{"must":[],"filter":[{"match_all":{}},{"bool":{"should":[],"minimum_should_match":1}},{"match_phrase":{"result_type":"record"}},null,{"range":{"record_score":{"gte":50}}}],"should":[{"exists":{"field":"source.ip"}},{"exists":{"field":"destination.ip"}}],"must_not":[],"minimum_should_match":1}}',
58+
{
59+
range: {
60+
timestamp: {
61+
gte: '2020-09-08T15:14:35.566Z',
62+
lte: '2020-09-09T15:14:35.566Z',
63+
format: 'strict_date_optional_time',
64+
},
65+
},
66+
},
67+
],
68+
},
69+
},
70+
size: 0,
71+
track_total_hits: true,
72+
},
73+
};
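Review bot: The `filterQuery` string in `mockOptions` carries a literal `null` entry inside its `filter` array and an empty `should: []` paired with `minimum_should_match: 1`, and `expectedDsl` repeats that string unchanged. It reads like a captured request rather than a hand-built fixture; if the builder is expected to pass such input through, a comment like `// captured filter; contains a null clause on purpose` would say so, and otherwise the fixture should be cleaned so the test does not bless malformed clauses. Separately, `timerange.interval` is `'12h'` while the expected `fixed_interval` is `'2700000ms'`, which suggests the option is not used for the bucket size; a one-line comment on that would save the next reader a lookup.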
@@ -0,0 +1,22 @@
1+
/*
2+
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
3+
* or more contributor license agreements. Licensed under the Elastic License;
4+
* you may not use this file except in compliance with the Elastic License.
5+
*/
6+
7+
import { anomaliesMatrixHistogramConfig } from '.';
8+
import { buildAnomaliesHistogramQuery } from './query.anomalies_histogram.dsl';
9+
10+
jest.mock('./query.anomalies_histogram.dsl', () => ({
11+
buildAnomaliesHistogramQuery: jest.fn(),
12+
}));
13+
14+
describe('anomaliesMatrixHistogramConfig', () => {
15+
test('should export anomaliesMatrixHistogramConfig corrrectly', () => {
16+
expect(anomaliesMatrixHistogramConfig).toEqual({
17+
aggName: 'aggregations.anomalyActionGroup.buckets',
18+
parseKey: 'anomalies.buckets',
19+
buildDsl: buildAnomaliesHistogramQuery,
20+
});
21+
});
22+
});
@@ -0,0 +1,13 @@
1+
/*
2+
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
3+
* or more contributor license agreements. Licensed under the Elastic License;
4+
* you may not use this file except in compliance with the Elastic License.
5+
*/
6+
import { buildAnomaliesHistogramQuery } from './query.anomalies_histogram.dsl';
7+
import { mockOptions, expectedDsl } from './__mocks__';
8+
9+
describe('buildAnomaliesHistogramQuery', () => {
10+
test('build query from options correctly', () => {
11+
expect(buildAnomaliesHistogramQuery(mockOptions)).toEqual(expectedDsl);
12+
});
13+
});
