elastic
diff --git a/‎x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action.ts‎
Lines changed: 243 additions & 184 deletions b/‎x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_bulk_actions/trial_license_complete_tier/perform_bulk_action.ts‎
Lines changed: 243 additions & 184 deletions
diff --git a/‎x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/basic_license_essentials_tier/create_rules.ts‎
Lines changed: 27 additions & 5 deletions b/‎x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/basic_license_essentials_tier/create_rules.ts‎
Lines changed: 27 additions & 5 deletions
diff --git a/‎x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/basic_license_essentials_tier/create_rules_bulk.ts‎
Lines changed: 27 additions & 5 deletions b/‎x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/basic_license_essentials_tier/create_rules_bulk.ts‎
Lines changed: 27 additions & 5 deletions
diff --git a/‎x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/trial_license_complete_tier/create_rules.ts‎
Lines changed: 0 additions & 22 deletions b/‎x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_creation/trial_license_complete_tier/create_rules.ts‎
Lines changed: 0 additions & 22 deletions
diff --git a/‎x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/basic_license_essentials_tier/export_rules.ts‎
Lines changed: 18 additions & 38 deletions b/‎x-pack/test/security_solution_api_integration/test_suites/detections_response/rules_management/rule_import_export/basic_license_essentials_tier/export_rules.ts‎
Lines changed: 18 additions & 38 deletions
@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import expect from '@kbn/expect';
+import expect from 'expect';
 import { RuleCreateProps } from '@kbn/security-solution-plugin/common/api/detection_engine';
 
 import {
@@ -16,6 +16,7 @@ import {
   removeServerGeneratedPropertiesIncludingRuleId,
   updateUsername,
   getSimpleRuleOutput,
+  getCustomQueryRuleParams,
 } from '../../../utils';
 import {
   createAlertsIndex,
@@ -65,7 +66,28 @@ export default ({ getService }: FtrProviderContext) => {
         const bodyToCompare = removeServerGeneratedProperties(body);
         const expectedRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME);
 
-        expect(bodyToCompare).to.eql(expectedRule);
+        expect(bodyToCompare).toEqual(expectedRule);
+      });
+
+      it('should create a rule with defaultable fields', async () => {
+        const expectedRule = getCustomQueryRuleParams({
+          rule_id: 'rule-1',
+          setup: '# some setup markdown',
+        });
+
+        const { body: createdRuleResponse } = await securitySolutionApi
+          .createRule({ body: expectedRule })
+          .expect(200);
+
+        expect(createdRuleResponse).toMatchObject(expectedRule);
+
+        const { body: createdRule } = await securitySolutionApi
+          .readRule({
+            query: { rule_id: 'rule-1' },
+          })
+          .expect(200);
+
+        expect(createdRule).toMatchObject(expectedRule);
       });
 
       it('should create a single rule without an input index', async () => {
@@ -120,7 +142,7 @@ export default ({ getService }: FtrProviderContext) => {
           ELASTICSEARCH_USERNAME
         );
 
-        expect(bodyToCompare).to.eql(expectedRule);
+        expect(bodyToCompare).toEqual(expectedRule);
       });
 
       it('should create a single rule without a rule_id', async () => {
@@ -134,7 +156,7 @@ export default ({ getService }: FtrProviderContext) => {
           ELASTICSEARCH_USERNAME
         );
 
-        expect(bodyToCompare).to.eql(expectedRule);
+        expect(bodyToCompare).toEqual(expectedRule);
       });
 
       it('should cause a 409 conflict if we attempt to create the same rule_id twice', async () => {
@@ -144,7 +166,7 @@ export default ({ getService }: FtrProviderContext) => {
           .createRule({ body: getSimpleRule() })
           .expect(409);
 
-        expect(body).to.eql({
+        expect(body).toEqual({
           message: 'rule_id: "rule-1" already exists',
           status_code: 409,
         });
 
@@ -5,11 +5,12 @@
  * 2.0.
  */
 
-import expect from '@kbn/expect';
+import expect from 'expect';
 
 import { EsArchivePathBuilder } from '../../../../../es_archive_path_builder';
 import { FtrProviderContext } from '../../../../../ftr_provider_context';
 import {
+  getCustomQueryRuleParams,
   getSimpleRule,
   getSimpleRuleOutput,
   getSimpleRuleOutputWithoutRuleId,
@@ -64,7 +65,28 @@ export default ({ getService }: FtrProviderContext): void => {
         const bodyToCompare = removeServerGeneratedProperties(body[0]);
         const expectedRule = updateUsername(getSimpleRuleOutput(), ELASTICSEARCH_USERNAME);
 
-        expect(bodyToCompare).to.eql(expectedRule);
+        expect(bodyToCompare).toEqual(expectedRule);
+      });
+
+      it('should create a rule with defaultable fields', async () => {
+        const expectedRule = getCustomQueryRuleParams({
+          rule_id: 'rule-1',
+          setup: '# some setup markdown',
+        });
+
+        const { body: createdRulesBulkResponse } = await securitySolutionApi
+          .bulkCreateRules({ body: [expectedRule] })
+          .expect(200);
+
+        expect(createdRulesBulkResponse[0]).toMatchObject(expectedRule);
+
+        const { body: createdRule } = await securitySolutionApi
+          .readRule({
+            query: { rule_id: 'rule-1' },
+          })
+          .expect(200);
+
+        expect(createdRule).toMatchObject(expectedRule);
       });
 
       it('should create a single rule without a rule_id', async () => {
@@ -78,15 +100,15 @@ export default ({ getService }: FtrProviderContext): void => {
           ELASTICSEARCH_USERNAME
         );
 
-        expect(bodyToCompare).to.eql(expectedRule);
+        expect(bodyToCompare).toEqual(expectedRule);
       });
 
       it('should return a 200 ok but have a 409 conflict if we attempt to create the same rule_id twice', async () => {
         const { body } = await securitySolutionApi
           .bulkCreateRules({ body: [getSimpleRule(), getSimpleRule()] })
           .expect(200);
 
-        expect(body).to.eql([
+        expect(body).toEqual([
           {
             error: {
               message: 'rule_id: "rule-1" already exists',
@@ -104,7 +126,7 @@ export default ({ getService }: FtrProviderContext): void => {
           .bulkCreateRules({ body: [getSimpleRule()] })
           .expect(200);
 
-        expect(body).to.eql([
+        expect(body).toEqual([
           {
             error: {
               message: 'rule_id: "rule-1" already exists',
 
@@ -691,27 +691,5 @@ export default ({ getService }: FtrProviderContext) => {
         });
       });
     });
-
-    describe('setup guide', async () => {
-      beforeEach(async () => {
-        await deleteAllAlerts(supertest, log, es);
-        await deleteAllRules(supertest, log);
-      });
-
-      it('creates a rule with a setup guide when setup parameter is present', async () => {
-        const { body } = await supertest
-          .post(DETECTION_ENGINE_RULES_URL)
-          .set('kbn-xsrf', 'true')
-          .set('elastic-api-version', '2023-10-31')
-          .send(
-            getCustomQueryRuleParams({
-              setup: 'A setup guide',
-            })
-          )
-          .expect(200);
-
-        expect(body.setup).toEqual('A setup guide');
-      });
-    });
   });
 };
@@ -7,41 +7,28 @@
 
 import expect from 'expect';
 
-import { DETECTION_ENGINE_RULES_URL } from '@kbn/security-solution-plugin/common/constants';
 import { BaseDefaultableFields } from '@kbn/security-solution-plugin/common/api/detection_engine';
 import { FtrProviderContext } from '../../../../../ftr_provider_context';
 import { binaryToString, getCustomQueryRuleParams } from '../../../utils';
-import {
-  createRule,
-  createAlertsIndex,
-  deleteAllRules,
-  deleteAllAlerts,
-} from '../../../../../../common/utils/security_solution';
+import { deleteAllRules } from '../../../../../../common/utils/security_solution';
 export default ({ getService }: FtrProviderContext): void => {
   const supertest = getService('supertest');
   const log = getService('log');
-  const es = getService('es');
   const securitySolutionApi = getService('securitySolutionApi');
 
   describe('@ess @serverless export_rules', () => {
     describe('exporting rules', () => {
-      beforeEach(async () => {
-        await createAlertsIndex(supertest, log);
-      });
-
       afterEach(async () => {
-        await deleteAllAlerts(supertest, log, es);
         await deleteAllRules(supertest, log);
       });
 
       it('should set the response content types to be expected', async () => {
-        await createRule(supertest, log, getCustomQueryRuleParams());
+        const ruleToExport = getCustomQueryRuleParams();
+
+        await securitySolutionApi.createRule({ body: ruleToExport });
 
-        await supertest
-          .post(`${DETECTION_ENGINE_RULES_URL}/_export`)
-          .set('kbn-xsrf', 'true')
-          .set('elastic-api-version', '2023-10-31')
-          .send()
+        await securitySolutionApi
+          .exportRules({ query: {}, body: null })
           .expect(200)
           .expect('Content-Type', 'application/ndjson')
           .expect('Content-Disposition', 'attachment; filename="export.ndjson"');
@@ -50,13 +37,10 @@ export default ({ getService }: FtrProviderContext): void => {
       it('should export a single rule with a rule_id', async () => {
         const ruleToExport = getCustomQueryRuleParams();
 
-        await createRule(supertest, log, ruleToExport);
+        await securitySolutionApi.createRule({ body: ruleToExport });
 
-        const { body } = await supertest
-          .post(`${DETECTION_ENGINE_RULES_URL}/_export`)
-          .set('kbn-xsrf', 'true')
-          .set('elastic-api-version', '2023-10-31')
-          .send()
+        const { body } = await securitySolutionApi
+          .exportRules({ query: {}, body: null })
           .expect(200)
           .parse(binaryToString);
 
@@ -84,13 +68,12 @@ export default ({ getService }: FtrProviderContext): void => {
       });
 
       it('should have export summary reflecting a number of rules', async () => {
-        await createRule(supertest, log, getCustomQueryRuleParams());
+        const ruleToExport = getCustomQueryRuleParams();
+
+        await securitySolutionApi.createRule({ body: ruleToExport });
 
-        const { body } = await supertest
-          .post(`${DETECTION_ENGINE_RULES_URL}/_export`)
-          .set('kbn-xsrf', 'true')
-          .set('elastic-api-version', '2023-10-31')
-          .send()
+        const { body } = await securitySolutionApi
+          .exportRules({ query: {}, body: null })
           .expect(200)
           .parse(binaryToString);
 
@@ -108,14 +91,11 @@ export default ({ getService }: FtrProviderContext): void => {
         const ruleToExport1 = getCustomQueryRuleParams({ rule_id: 'rule-1' });
         const ruleToExport2 = getCustomQueryRuleParams({ rule_id: 'rule-2' });
 
-        await createRule(supertest, log, ruleToExport1);
-        await createRule(supertest, log, ruleToExport2);
+        await securitySolutionApi.createRule({ body: ruleToExport1 });
+        await securitySolutionApi.createRule({ body: ruleToExport2 });
 
-        const { body } = await supertest
-          .post(`${DETECTION_ENGINE_RULES_URL}/_export`)
-          .set('kbn-xsrf', 'true')
-          .set('elastic-api-version', '2023-10-31')
-          .send()
+        const { body } = await securitySolutionApi
+          .exportRules({ query: {}, body: null })
           .expect(200)
           .parse(binaryToString);