kibana
kibana copied to clipboard
elastic
[Security Solution][Detection Engine] synthetic source enabled for Detection Engine rule execution FTR tests
Summary
Summarize your PR. If it involves visual changes include a screenshot or gif.
Checklist
Delete any items that are not applicable to this PR.
- [ ] Any text added follows EUI's writing guidelines, uses sentence case text and includes i18n support
- [ ] Documentation was added for features that require explanation or tutorials
- [ ] Unit or functional tests were updated or added to match the most common scenarios
- [ ] Flaky Test Runner was used on any tests changed
- [ ] Any UI touched in this PR is usable by keyboard only (learn more about keyboard accessibility)
- [ ] Any UI touched in this PR does not create any new axe failures (run axe in browser: FF, Chrome)
- [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the docker list
- [ ] This renders correctly on smaller devices using a responsive layout. (You can test this in your browser)
- [ ] This was checked for cross-browser compatibility
Risk Matrix
Delete this section if it is not applicable to this PR.
Before closing this PR, invite QA, stakeholders, and other developers to identify risks that should be tested prior to the change/feature release.
When forming the risk matrix, consider some of the following examples and how they may potentially impact the change:
| Risk | Probability | Severity | Mitigation/Notes |
|---|---|---|---|
| Multiple Spaces—unexpected behavior in non-default Kibana Space. | Low | High | Integration tests will verify that all features are still supported in non-default Kibana Space and when user switches between spaces. |
| Multiple nodes—Elasticsearch polling might have race conditions when multiple Kibana nodes are polling for the same tasks. | High | Low | Tasks are idempotent, so executing them multiple times will not result in logical error, but will degrade performance. To test for this case we add plenty of unit tests around this logic and document manual testing procedure. |
| Code should gracefully handle cases when feature X or plugin Y are disabled. | Medium | High | Unit tests will verify that any feature flag or plugin combination still results in our service operational. |
| See more potential risk examples |
For maintainers
- [ ] This was checked for breaking API changes and was labeled appropriately
Flaky Test Runner Stats
🟠 Some tests failed. - kibana-flaky-test-suite-runner#6814
[❌] x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/configs/ess.config.ts: 0/1 tests passed. [❌] x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/trial_license_complete_tier/configs/serverless.config.ts: 0/1 tests passed.
:broken_heart: Build Failed
- Buildkite Build
- Commit: 6f4f763347030c3bdec757826f499071e80b3469
- Interpreting CI Failures
Failed CI Steps
Test Failures
- [job] [logs] FTR Configs #106 / Reporting APIs Network Policy "after all" hook for "should fail job when page violates the network policy"
- [job] [logs] FTR Configs #106 / Reporting APIs Network Policy should fail job when page violates the network policy
- [job] [logs] FTR Configs #7 / Rule execution logic API Detection Engine - Execution logic @ess @serverless @serverlessQA EQL type rules ensures common fields are present in generated shell alert
- [job] [logs] FTR Configs #64 / Rule execution logic API Detection Engine - Execution logic @ess @serverless @serverlessQA EQL type rules ensures common fields are present in generated shell alert
- [job] [logs] FTR Configs #7 / Rule execution logic API Detection Engine - Execution logic @ess @serverless @serverlessQA EQL type rules ensures common fields are present in generated shell alert
- [job] [logs] FTR Configs #64 / Rule execution logic API Detection Engine - Execution logic @ess @serverless @serverlessQA EQL type rules ensures common fields are present in generated shell alert
- [job] [logs] FTR Configs #7 / Rule execution logic API Detection Engine - Execution logic @ess @serverless @serverlessQA New terms type rules should generate 1 alert with 1 selected field
- [job] [logs] FTR Configs #64 / Rule execution logic API Detection Engine - Execution logic @ess @serverless @serverlessQA New terms type rules should generate 1 alert with 1 selected field
- [job] [logs] FTR Configs #7 / Rule execution logic API Detection Engine - Execution logic @ess @serverless @serverlessQA New terms type rules should generate 1 alert with 1 selected field
- [job] [logs] FTR Configs #64 / Rule execution logic API Detection Engine - Execution logic @ess @serverless @serverlessQA New terms type rules should generate 1 alert with 1 selected field
- [job] [logs] FTR Configs #7 / Rule execution logic API Detection Engine - Execution logic @ess @serverless @serverlessQA Non ECS fields in alert document source multi-fields should not add multi field .text to ecs compliant flattened source
- [job] [logs] FTR Configs #64 / Rule execution logic API Detection Engine - Execution logic @ess @serverless @serverlessQA Non ECS fields in alert document source multi-fields should not add multi field .text to ecs compliant flattened source
- [job] [logs] FTR Configs #7 / Rule execution logic API Detection Engine - Execution logic @ess @serverless @serverlessQA Non ECS fields in alert document source multi-fields should not add multi field .text to ecs compliant flattened source
- [job] [logs] FTR Configs #64 / Rule execution logic API Detection Engine - Execution logic @ess @serverless @serverlessQA Non ECS fields in alert document source multi-fields should not add multi field .text to ecs compliant flattened source
- [job] [logs] FTR Configs #7 / Rule execution logic API Detection Engine - Execution logic @ess @serverless @serverlessQA Non ECS fields in alert document source multi-fields should not add multi field .text to ecs non compliant flattened source
- [job] [logs] FTR Configs #64 / Rule execution logic API Detection Engine - Execution logic @ess @serverless @serverlessQA Non ECS fields in alert document source multi-fields should not add multi field .text to ecs non compliant flattened source
- [job] [logs] FTR Configs #7 / Rule execution logic API Detection Engine - Execution logic @ess @serverless @serverlessQA Non ECS fields in alert document source multi-fields should not add multi field .text to ecs non compliant flattened source
- [job] [logs] FTR Configs #64 / Rule execution logic API Detection Engine - Execution logic @ess @serverless @serverlessQA Non ECS fields in alert document source multi-fields should not add multi field .text to ecs non compliant flattened source
- [job] [logs] FTR Configs #7 / Rule execution logic API Detection Engine - Execution logic @ess @serverless @serverlessQA Non ECS fields in alert document source saving non-ECS compliant text field in keyword should remove text field if the length of the string is more than 32766 bytes
- [job] [logs] FTR Configs #64 / Rule execution logic API Detection Engine - Execution logic @ess @serverless @serverlessQA Non ECS fields in alert document source saving non-ECS compliant text field in keyword should remove text field if the length of the string is more than 32766 bytes
- [job] [logs] FTR Configs #7 / Rule execution logic API Detection Engine - Execution logic @ess @serverless @serverlessQA Non ECS fields in alert document source saving non-ECS compliant text field in keyword should remove text field if the length of the string is more than 32766 bytes
- [job] [logs] FTR Configs #64 / Rule execution logic API Detection Engine - Execution logic @ess @serverless @serverlessQA Non ECS fields in alert document source saving non-ECS compliant text field in keyword should remove text field if the length of the string is more than 32766 bytes
- [job] [logs] FTR Configs #7 / Rule execution logic API Detection Engine - Execution logic @ess @serverless @serverlessQA Non ECS fields in alert document source should not remove valid dates from ECS source field
- [job] [logs] FTR Configs #64 / Rule execution logic API Detection Engine - Execution logic @ess @serverless @serverlessQA Non ECS fields in alert document source should not remove valid dates from ECS source field
- [job] [logs] FTR Configs #7 / Rule execution logic API Detection Engine - Execution logic @ess @serverless @serverlessQA Non ECS fields in alert document source should not remove valid dates from ECS source field
- [job] [logs] FTR Configs #64 / Rule execution logic API Detection Engine - Execution logic @ess @serverless @serverlessQA Non ECS fields in alert document source should not remove valid dates from ECS source field
- [job] [logs] FTR Configs #7 / Rule execution logic API Detection Engine - Execution logic @ess @serverless @serverlessQA Non ECS fields in alert document source should not remove valid ips from ECS source field
- [job] [logs] FTR Configs #64 / Rule execution logic API Detection Engine - Execution logic @ess @serverless @serverlessQA Non ECS fields in alert document source should not remove valid ips from ECS source field
- [job] [logs] FTR Configs #7 / Rule execution logic API Detection Engine - Execution logic @ess @serverless @serverlessQA Non ECS fields in alert document source should not remove valid ips from ECS source field
- [job] [logs] FTR Configs #64 / Rule execution logic API Detection Engine - Execution logic @ess @serverless @serverlessQA Non ECS fields in alert document source should not remove valid ips from ECS source field
- [job] [logs] FTR Configs #7 / Rule execution logic API Detection Engine - Execution logic @ess @serverless @serverlessQA Non ECS fields in alert document source should remove source array of keywords field from alert if ECS field mapping is nested
- [job] [logs] FTR Configs #64 / Rule execution logic API Detection Engine - Execution logic @ess @serverless @serverlessQA Non ECS fields in alert document source should remove source array of keywords field from alert if ECS field mapping is nested
- [job] [logs] FTR Configs #7 / Rule execution logic API Detection Engine - Execution logic @ess @serverless @serverlessQA Non ECS fields in alert document source should remove source array of keywords field from alert if ECS field mapping is nested
- [job] [logs] FTR Configs #64 / Rule execution logic API Detection Engine - Execution logic @ess @serverless @serverlessQA Non ECS fields in alert document source should remove source array of keywords field from alert if ECS field mapping is nested
- [job] [logs] FTR Configs #7 / Rule execution logic API Detection Engine - Execution logic @ess @serverless @serverlessQA Non ECS fields in alert document source should strip invalid boolean values and left valid ones
- [job] [logs] FTR Configs #64 / Rule execution logic API Detection Engine - Execution logic @ess @serverless @serverlessQA Non ECS fields in alert document source should strip invalid boolean values and left valid ones
- [job] [logs] FTR Configs #7 / Rule execution logic API Detection Engine - Execution logic @ess @serverless @serverlessQA Non ECS fields in alert document source should strip invalid boolean values and left valid ones
- [job] [logs] FTR Configs #64 / Rule execution logic API Detection Engine - Execution logic @ess @serverless @serverlessQA Non ECS fields in alert document source should strip invalid boolean values and left valid ones
Metrics [docs]
✅ unchanged
History
- :broken_heart: Build #231087 failed fb6bf8b200997a1ce6353fbab9ff5d14418f6572
- :broken_heart: Build #230904 failed c91748b54095a2f86fba00c1db9560a288b06965
- :broken_heart: Build #230408 failed 1c82c377254f224f11c405efdd98d9933e134259
- :broken_heart: Build #230407 failed 81b39f714ef21027fda8c62a795ae74c3d1b779d
To update your PR or re-run it, just comment with:
@elasticmachine merge upstream
cc @vitaliidm
