From 25e8b8df5fa55d23768d3f8d73fefb596101596a Mon Sep 17 00:00:00 2001
From: Amardeepsingh Siglani
Date: Tue, 12 Sep 2023 14:33:34 -0700
Subject: [PATCH] updated mappings for test index
Signed-off-by: Amardeepsingh Siglani
---
 .../detector/create_usb_detector_mappings_data.json | 4 ++--
 .../integration_tests/index/add_windows_index_data.json | 2 +-
 .../integration_tests/index/create_windows_settings.json | 2 +-
 .../integration_tests/rule/create_windows_usb_rule.json | 2 +-
 .../sample_alias_mappings.json | 4 ++--
 .../sample_document.json | 2 +-
 .../sample_field_mappings.json | 4 ++--
 .../sample_windows_index_settings.json | 2 +-
 .../security-analytics-dashboards-plugin/3_alerts.spec.js | 6 +-----
 .../security-analytics-dashboards-plugin/constants.js | 2 ++
 10 files changed, 14 insertions(+), 16 deletions(-)
diff --git a/cypress/fixtures/plugins/security-analytics-dashboards-plugin/integration_tests/detector/create_usb_detector_mappings_data.json b/cypress/fixtures/plugins/security-analytics-dashboards-plugin/integration_tests/detector/create_usb_detector_mappings_data.json
index 0cad430bc..d87eac971 100644
--- a/cypress/fixtures/plugins/security-analytics-dashboards-plugin/integration_tests/detector/create_usb_detector_mappings_data.json
+++ b/cypress/fixtures/plugins/security-analytics-dashboards-plugin/integration_tests/detector/create_usb_detector_mappings_data.json
@@ -1,8 +1,8 @@
 {
 "properties": {
- "winlog-event_id": {
+ "winlog.event_id": {
 "type": "alias",
- "path": "winlog.event_id"
+ "path": "EventID"
 },
 "winlog-provider_name": {
 "type": "alias",
diff --git a/cypress/fixtures/plugins/security-analytics-dashboards-plugin/integration_tests/index/add_windows_index_data.json b/cypress/fixtures/plugins/security-analytics-dashboards-plugin/integration_tests/index/add_windows_index_data.json
index f8b8b4e2e..526859053 100644
--- a/cypress/fixtures/plugins/security-analytics-dashboards-plugin/integration_tests/index/add_windows_index_data.json
+++ b/cypress/fixtures/plugins/security-analytics-dashboards-plugin/integration_tests/index/add_windows_index_data.json
@@ -1,3 +1,3 @@
 {
- "winlog.event_id": "2003"
+ "EventID": "2003"
 }
diff --git a/cypress/fixtures/plugins/security-analytics-dashboards-plugin/integration_tests/index/create_windows_settings.json b/cypress/fixtures/plugins/security-analytics-dashboards-plugin/integration_tests/index/create_windows_settings.json
index 480f63ba1..02c187caf 100644
--- a/cypress/fixtures/plugins/security-analytics-dashboards-plugin/integration_tests/index/create_windows_settings.json
+++ b/cypress/fixtures/plugins/security-analytics-dashboards-plugin/integration_tests/index/create_windows_settings.json
@@ -1,7 +1,7 @@
 {
 "mappings": {
 "properties": {
- "winlog.event_id": {
+ "EventID": {
 "type": "integer"
 },
 "winlog.provider_name": {
diff --git a/cypress/fixtures/plugins/security-analytics-dashboards-plugin/integration_tests/rule/create_windows_usb_rule.json b/cypress/fixtures/plugins/security-analytics-dashboards-plugin/integration_tests/rule/create_windows_usb_rule.json
index fb14944c6..897b9dc0e 100644
--- a/cypress/fixtures/plugins/security-analytics-dashboards-plugin/integration_tests/rule/create_windows_usb_rule.json
+++ b/cypress/fixtures/plugins/security-analytics-dashboards-plugin/integration_tests/rule/create_windows_usb_rule.json
@@ -16,7 +16,7 @@
 }
 ],
 "log_source": "",
- "detection": "selection:\n winlog-event_id:\n - 2003\n - 2100\n - 2102\ncondition: selection",
+ "detection": "selection:\n EventID:\n - 2003\n - 2100\n - 2102\ncondition: selection",
 "level": "high",
 "false_positives": [
 {
diff --git a/cypress/fixtures/plugins/security-analytics-dashboards-plugin/sample_alias_mappings.json b/cypress/fixtures/plugins/security-analytics-dashboards-plugin/sample_alias_mappings.json
index e0a1a5f88..e968d6451 100644
--- a/cypress/fixtures/plugins/security-analytics-dashboards-plugin/sample_alias_mappings.json
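Review bot: In add_windows_index_data.json the renamed field keeps its value as a JSON string (`"EventID": "2003"`), while create_windows_settings.json in this same patch maps `EventID` as `integer` and sample_document.json carries the number `2003`. Indexing will most likely coerce the string, but the stored source keeps the string form, so an assertion that compares the rendered document with `{"EventID": 2003}` would not match a document ingested from this fixture. Unless the string is deliberate, write `"EventID": 2003` so the fixture agrees with the mapping and the other sample document.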
+++ b/cypress/fixtures/plugins/security-analytics-dashboards-plugin/sample_alias_mappings.json
@@ -1,8 +1,8 @@
 {
 "properties": {
- "winlog-event_id": {
+ "winlog.event_id": {
 "type": "alias",
- "path": "winlog.event_id"
+ "path": "EventID"
 }
 }
 }
diff --git a/cypress/fixtures/plugins/security-analytics-dashboards-plugin/sample_document.json b/cypress/fixtures/plugins/security-analytics-dashboards-plugin/sample_document.json
index 521d2f677..9a03f3bb9 100644
--- a/cypress/fixtures/plugins/security-analytics-dashboards-plugin/sample_document.json
+++ b/cypress/fixtures/plugins/security-analytics-dashboards-plugin/sample_document.json
@@ -1,3 +1,3 @@
 {
- "winlog.event_id": 2003
+ "EventID": 2003
 }
diff --git a/cypress/fixtures/plugins/security-analytics-dashboards-plugin/sample_field_mappings.json b/cypress/fixtures/plugins/security-analytics-dashboards-plugin/sample_field_mappings.json
index ff4eb1830..593d42bb5 100644
--- a/cypress/fixtures/plugins/security-analytics-dashboards-plugin/sample_field_mappings.json
+++ b/cypress/fixtures/plugins/security-analytics-dashboards-plugin/sample_field_mappings.json
@@ -1,7 +1,7 @@
 {
 "properties": {
- "winlog-event_id": {
- "path": "winlog.event_id",
+ "winlog.event_id": {
+ "path": "EventID",
 "type": "alias"
 }
 }
diff --git a/cypress/fixtures/plugins/security-analytics-dashboards-plugin/sample_windows_index_settings.json b/cypress/fixtures/plugins/security-analytics-dashboards-plugin/sample_windows_index_settings.json
index 480f63ba1..02c187caf 100644
--- a/cypress/fixtures/plugins/security-analytics-dashboards-plugin/sample_windows_index_settings.json
+++ b/cypress/fixtures/plugins/security-analytics-dashboards-plugin/sample_windows_index_settings.json
@@ -1,7 +1,7 @@
 {
 "mappings": {
 "properties": {
- "winlog.event_id": {
+ "EventID": {
 "type": "integer"
 },
 "winlog.provider_name": {
diff --git a/cypress/integration/plugins/security-analytics-dashboards-plugin/3_alerts.spec.js b/cypress/integration/plugins/security-analytics-dashboards-plugin/3_alerts.spec.js
index f90d88941..d2b32f882 100644
--- a/cypress/integration/plugins/security-analytics-dashboards-plugin/3_alerts.spec.js
+++ b/cypress/integration/plugins/security-analytics-dashboards-plugin/3_alerts.spec.js
@@ -259,11 +259,7 @@ describe('Alerts', () => {
 // The EuiCodeEditor used for this component stores each line of the JSON in an array of elements;
 // so this test formats the expected document into an array of strings,
 // and matches each entry with the corresponding element line.
- const document = JSON.stringify(
- JSON.parse('{"winlog.event_id": 2003}'),
- null,
- 2
- );
+ const document = JSON.stringify(JSON.parse('{"EventID": 2003}'), null, 2);
 const documentLines = document.split('\n');
 cy.get('[data-test-subj="finding-details-flyout-rule-document"]')
 .get('[class="euiCodeBlock__line"]')
diff --git a/cypress/utils/plugins/security-analytics-dashboards-plugin/constants.js b/cypress/utils/plugins/security-analytics-dashboards-plugin/constants.js
index 3bdd9d238..d7b7595c9 100644
--- a/cypress/utils/plugins/security-analytics-dashboards-plugin/constants.js
+++ b/cypress/utils/plugins/security-analytics-dashboards-plugin/constants.js
@@ -117,6 +117,8 @@ export const createDetector = ( }); }); + // Wait for the first run to execute before ingesting data + cy.wait(65000); // Ingest documents to the test index for (let i = 0; i < indexDocsCount; i++) { cy.insertDocumentToIndex(indexName, '', indexDoc);
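Review bot: The expected document in 3_alerts.spec.js is still a hand-written literal (`'{"EventID": 2003}'`) that duplicates sample_document.json, so every field rename has to touch both places, as this commit does. Parsing a literal only to stringify it again is also roundabout, and the local name shadows the global `document`; `const expectedDoc = JSON.stringify({ EventID: 2003 }, null, 2);` followed by `const documentLines = expectedDoc.split('\n');` produces the same lines. If the spec already loads the sample document fixture elsewhere (not visible here), building the expected lines from it would remove the duplication. The enclosing test starts and ends outside the hunk.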
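Review bot: `cy.wait(65000)` in constants.js puts an unconditional 65-second sleep into `createDetector`, a shared helper, so every spec that creates a detector pays it, and ingestion can still race the detector when the first run takes longer on a slow CI node. The added comment says what is being waited for but not where 65000 comes from; presumably it is the detector's schedule interval plus a margin, which belongs next to a named constant, e.g. `const FIRST_RUN_WAIT_MS = 65000; // detector interval + margin (confirm)` and `cy.wait(FIRST_RUN_WAIT_MS);`. Polling for the first execution instead of sleeping would remove the race, if the plugin exposes something to poll. `createDetector` begins and ends outside this hunk.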