[Security Solution][Detections] Re-enable skipped integration test (#87254)

* Re-enable test skipped due to temporary failure This failure may still be present/intermittent, but it passes reliably locally; trying again on CI to check status. * Triggering build This should fail on the latest snapshot * Update EQL integration tests to reflect new default pipe We were previously using what is effectively `results | head` to retrieve the desired amount of results. The default behavior was changed in elastic/elasticsearch#66387, which caused these tests to fail as different results were returned over such a large dataset. Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2021-01-05 16:08:13 -06:00 · 2021-01-05 16:08:13 -06:00 · e954306786
parent 38a7e2b00a
commit e954306786
1 changed files with 9 additions and 12 deletions
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/generating_signals.ts
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/generating_signals.ts
@ -201,8 +201,7 @@ export default ({ getService }: FtrProviderContext) => {
        });
      });

-      // ES PROMOTION FAILURE: http://github.com/elastic/kibana/issues/86709
-      describe.skip('EQL Rules', () => {
+      describe('EQL Rules', () => {
        it('generates signals from EQL sequences in the expected form', async () => {
          const rule: EqlCreateSchema = {
            ...getRuleForSignalTesting(['auditbeat-*']),
@ -226,28 +225,26 @@ export default ({ getService }: FtrProviderContext) => {
            ancestors: [
              {
                depth: 0,
-                id: 'UBXOBmkBR346wHgnLP8T',
+                id: 'gCF0B2kBR346wHgnb7m0',
                index: 'auditbeat-8.0.0-2019.02.19-000001',
                type: 'event',
              },
            ],
            original_event: {
-              action: 'boot',
-              dataset: 'login',
-              kind: 'event',
-              module: 'system',
-              origin: '/var/log/wtmp',
+              action: 'error',
+              category: 'user-login',
+              module: 'auditd',
            },
            parent: {
              depth: 0,
-              id: 'UBXOBmkBR346wHgnLP8T',
+              id: 'gCF0B2kBR346wHgnb7m0',
              index: 'auditbeat-8.0.0-2019.02.19-000001',
              type: 'event',
            },
            parents: [
              {
                depth: 0,
-                id: 'UBXOBmkBR346wHgnLP8T',
+                id: 'gCF0B2kBR346wHgnb7m0',
                index: 'auditbeat-8.0.0-2019.02.19-000001',
                type: 'event',
              },
@ -284,7 +281,7 @@ export default ({ getService }: FtrProviderContext) => {
            ancestors: [
              {
                depth: 0,
-                id: 'UBXOBmkBR346wHgnLP8T',
+                id: 'gCF0B2kBR346wHgnb7m0',
                index: 'auditbeat-8.0.0-2019.02.19-000001',
                type: 'event',
              },
@ -297,7 +294,7 @@ export default ({ getService }: FtrProviderContext) => {
              },
              {
                depth: 0,
-                id: 'URXOBmkBR346wHgnLP8T',
+                id: 'CCF0B2kBR346wHgngLtX',
                index: 'auditbeat-8.0.0-2019.02.19-000001',
                type: 'event',
              },