elastic
diff --git a/‎x-pack/legacy/plugins/siem/common/constants.ts‎
Lines changed: 5 additions & 0 deletions b/‎x-pack/legacy/plugins/siem/common/constants.ts‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/__mocks__/request_context.ts‎
Lines changed: 3 additions & 0 deletions b/‎x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/__mocks__/request_context.ts‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/__mocks__/request_responses.ts‎
Lines changed: 19 additions & 7 deletions b/‎x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/__mocks__/request_responses.ts‎
Lines changed: 19 additions & 7 deletions
diff --git a/‎x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/__mocks__/utils.ts‎
Lines changed: 15 additions & 0 deletions b/‎x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/__mocks__/utils.ts‎
Lines changed: 15 additions & 0 deletions
diff --git a/‎x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/create_rules_bulk_route.test.ts‎
Lines changed: 17 additions & 0 deletions b/‎x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/create_rules_bulk_route.test.ts‎
Lines changed: 17 additions & 0 deletions
diff --git a/‎x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/create_rules_bulk_route.ts‎
Lines changed: 3 additions & 0 deletions b/‎x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/create_rules_bulk_route.ts‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/create_rules_route.test.ts‎
Lines changed: 18 additions & 0 deletions b/‎x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/create_rules_route.test.ts‎
Lines changed: 18 additions & 0 deletions
diff --git a/‎x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/create_rules_route.ts‎
Lines changed: 7 additions & 1 deletion b/‎x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/create_rules_route.ts‎
Lines changed: 7 additions & 1 deletion
diff --git a/‎x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/import_rules_route.test.ts‎
Lines changed: 26 additions & 0 deletions b/‎x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/import_rules_route.test.ts‎
Lines changed: 26 additions & 0 deletions
diff --git a/‎x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/import_rules_route.ts‎
Lines changed: 6 additions & 0 deletions b/‎x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/import_rules_route.ts‎
Lines changed: 6 additions & 0 deletions
@@ -94,4 +94,9 @@ export const DETECTION_ENGINE_QUERY_SIGNALS_URL = `${DETECTION_ENGINE_SIGNALS_UR
  */
 export const UNAUTHENTICATED_USER = 'Unauthenticated';
 
+/*
+  Licensing requirements
+ */
+export const MINIMUM_ML_LICENSE = 'platinum';
+
 export const NOTIFICATION_THROTTLE_RULE = 'rule';
@@ -12,11 +12,13 @@ import {
 } from '../../../../../../../../../src/core/server/mocks';
 import { alertsClientMock } from '../../../../../../../../plugins/alerting/server/mocks';
 import { actionsClientMock } from '../../../../../../../../plugins/actions/server/mocks';
+import { licensingMock } from '../../../../../../../../plugins/licensing/server/mocks';
 
 const createMockClients = () => ({
   actionsClient: actionsClientMock.create(),
   alertsClient: alertsClientMock.create(),
   clusterClient: elasticsearchServiceMock.createScopedClusterClient(),
+  licensing: { license: licensingMock.createLicenseMock() },
   savedObjectsClient: savedObjectsClientMock.create(),
   siemClient: { signalsIndex: 'mockSignalsIndex' },
 });
@@ -33,6 +35,7 @@ const createRequestContextMock = (
       elasticsearch: { ...coreContext.elasticsearch, dataClient: clients.clusterClient },
       savedObjects: { client: clients.savedObjectsClient },
     },
+    licensing: clients.licensing,
     siem: { getSiemClient: jest.fn(() => clients.siemClient) },
   } as unknown) as RequestHandlerContext;
 };
 
@@ -295,18 +295,30 @@ export const getCreateRequest = () =>
     body: typicalPayload(),
   });
 
-export const createMlRuleRequest = () => {
+export const typicalMlRulePayload = () => {
   const { query, language, index, ...mlParams } = typicalPayload();
 
+  return {
+    ...mlParams,
+    type: 'machine_learning',
+    anomaly_threshold: 58,
+    machine_learning_job_id: 'typical-ml-job-id',
+  };
+};
+
+export const createMlRuleRequest = () => {
   return requestMock.create({
     method: 'post',
     path: DETECTION_ENGINE_RULES_URL,
-    body: {
-      ...mlParams,
-      type: 'machine_learning',
-      anomaly_threshold: 50,
-      machine_learning_job_id: 'some-uuid',
-    },
+    body: typicalMlRulePayload(),
+  });
+};
+
+export const createBulkMlRuleRequest = () => {
+  return requestMock.create({
+    method: 'post',
+    path: DETECTION_ENGINE_RULES_URL,
+    body: [typicalMlRulePayload()],
   });
 };
 
 
@@ -23,6 +23,21 @@ export const getSimpleRule = (ruleId = 'rule-1'): Partial<OutputRuleAlertRest> =
   query: 'user.name: root or user.name: admin',
 });
 
+/**
+ * This is a typical ML rule for testing
+ * @param ruleId
+ */
+export const getSimpleMlRule = (ruleId = 'rule-1'): Partial<OutputRuleAlertRest> => ({
+  name: 'Simple Rule Query',
+  description: 'Simple Rule Query',
+  risk_score: 1,
+  rule_id: ruleId,
+  severity: 'high',
+  type: 'machine_learning',
+  anomaly_threshold: 44,
+  machine_learning_job_id: 'some_job_id',
+});
+
 /**
  * This is a typical simple rule for testing that is easy for most basic testing
  * @param ruleId
 
@@ -13,6 +13,7 @@ import {
   getFindResultWithSingleHit,
   getEmptyFindResult,
   getResult,
+  createBulkMlRuleRequest,
 } from '../__mocks__/request_responses';
 import { requestContextMock, serverMock, requestMock } from '../__mocks__';
 import { createRulesBulkRoute } from './create_rules_bulk_route';
@@ -56,6 +57,22 @@ describe('create_rules_bulk', () => {
   });
 
   describe('unhappy paths', () => {
+    it('returns an error object if creating an ML rule with an insufficient license', async () => {
+      (context.licensing.license.hasAtLeast as jest.Mock).mockReturnValue(false);
+
+      const response = await server.inject(createBulkMlRuleRequest(), context);
+      expect(response.status).toEqual(200);
+      expect(response.body).toEqual([
+        {
+          error: {
+            message: 'Your license does not support machine learning. Please upgrade your license.',
+            status_code: 400,
+          },
+          rule_id: 'rule-1',
+        },
+      ]);
+    });
+
     it('returns an error object if the index does not exist', async () => {
       clients.clusterClient.callAsCurrentUser.mockResolvedValue(getEmptyIndex());
       const response = await server.inject(getReadBulkRequest(), context);
 
@@ -19,6 +19,7 @@ import {
   createBulkErrorObject,
   buildRouteValidation,
   buildSiemResponse,
+  validateLicenseForRuleType,
 } from '../utils';
 import { createRulesBulkSchema } from '../schemas/create_rules_bulk_schema';
 import { rulesBulkSchema } from '../schemas/response/rules_bulk_schema';
@@ -90,6 +91,8 @@ export const createRulesBulkRoute = (router: IRouter) => {
             } = payloadRule;
             const ruleIdOrUuid = ruleId ?? uuid.v4();
             try {
+              validateLicenseForRuleType({ license: context.licensing.license, ruleType: type });
+
               const finalIndex = outputIndex ?? siemClient.signalsIndex;
               const indexExists = await getIndexExists(clusterClient.callAsCurrentUser, finalIndex);
               if (!indexExists) {
 
@@ -59,13 +59,31 @@ describe('create_rules', () => {
       expect(response.status).toEqual(404);
       expect(response.body).toEqual({ message: 'Not Found', status_code: 404 });
     });
+
+    it('returns 200 if license is not platinum', async () => {
+      (context.licensing.license.hasAtLeast as jest.Mock).mockReturnValue(false);
+
+      const response = await server.inject(getCreateRequest(), context);
+      expect(response.status).toEqual(200);
+    });
   });
 
   describe('creating an ML Rule', () => {
     it('is successful', async () => {
       const response = await server.inject(createMlRuleRequest(), context);
       expect(response.status).toEqual(200);
     });
+
+    it('rejects the request if licensing is not platinum', async () => {
+      (context.licensing.license.hasAtLeast as jest.Mock).mockReturnValue(false);
+
+      const response = await server.inject(createMlRuleRequest(), context);
+      expect(response.status).toEqual(400);
+      expect(response.body).toEqual({
+        message: 'Your license does not support machine learning. Please upgrade your license.',
+        status_code: 400,
+      });
+    });
   });
 
   describe('creating a Notification if throttle and actions were provided ', () => {
 
@@ -16,7 +16,12 @@ import { ruleStatusSavedObjectType } from '../../rules/saved_object_mappings';
 import { transformValidate } from './validate';
 import { getIndexExists } from '../../index/get_index_exists';
 import { createRulesSchema } from '../schemas/create_rules_schema';
-import { buildRouteValidation, transformError, buildSiemResponse } from '../utils';
+import {
+  buildRouteValidation,
+  transformError,
+  buildSiemResponse,
+  validateLicenseForRuleType,
+} from '../utils';
 import { createNotifications } from '../../notifications/create_notifications';
 
 export const createRulesRoute = (router: IRouter): void => {
@@ -66,6 +71,7 @@ export const createRulesRoute = (router: IRouter): void => {
       const siemResponse = buildSiemResponse(response);
 
       try {
+        validateLicenseForRuleType({ license: context.licensing.license, ruleType: type });
         if (!context.alerting || !context.actions) {
           return siemResponse.error({ statusCode: 404 });
         }
 
@@ -9,6 +9,8 @@ import {
   ruleIdsToNdJsonString,
   rulesToNdJsonString,
   getSimpleRuleWithId,
+  getSimpleRule,
+  getSimpleMlRule,
 } from '../__mocks__/utils';
 import {
   getImportRulesRequest,
@@ -102,6 +104,30 @@ describe('import_rules_route', () => {
   });
 
   describe('unhappy paths', () => {
+    it('returns an error object if creating an ML rule with an insufficient license', async () => {
+      (context.licensing.license.hasAtLeast as jest.Mock).mockReturnValue(false);
+      const rules = [getSimpleRule(), getSimpleMlRule('rule-2')];
+      const hapiStreamWithMlRule = buildHapiStream(rulesToNdJsonString(rules));
+      request = getImportRulesRequest(hapiStreamWithMlRule);
+
+      const response = await server.inject(request, context);
+      expect(response.status).toEqual(200);
+      expect(response.body).toEqual({
+        errors: [
+          {
+            error: {
+              message:
+                'Your license does not support machine learning. Please upgrade your license.',
+              status_code: 400,
+            },
+            rule_id: 'rule-2',
+          },
+        ],
+        success: false,
+        success_count: 1,
+      });
+    });
+
     test('returns error if createPromiseFromStreams throws error', async () => {
       jest
         .spyOn(createRulesStreamFromNdJson, 'createRulesStreamFromNdJson')
 
@@ -24,6 +24,7 @@ import {
   isImportRegular,
   transformError,
   buildSiemResponse,
+  validateLicenseForRuleType,
 } from '../utils';
 import { createRulesStreamFromNdJson } from '../../rules/create_rules_stream_from_ndjson';
 import { ImportRuleAlertRest } from '../../types';
@@ -146,6 +147,11 @@ export const importRulesRoute = (router: IRouter, config: LegacyServices['config
                   } = parsedRule;
 
                   try {
+                    validateLicenseForRuleType({
+                      license: context.licensing.license,
+                      ruleType: type,
+                    });
+
                     const signalsIndex = siemClient.signalsIndex;
                     const indexExists = await getIndexExists(
                       clusterClient.callAsCurrentUser,