[Security Solution][Detections] Re-enable skipped integration test (#87254)
* Re-enable test skipped due to temporary failure This failure may still be present/intermittent, but it passes reliably locally; trying again on CI to check status. * Triggering build This should fail on the latest snapshot * Update EQL integration tests to reflect new default pipe We were previously using what is effectively `results | head` to retrieve the desired amount of results. The default behavior was changed in elastic/elasticsearch#66387, which caused these tests to fail as different results were returned over such a large dataset. Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
This commit is contained in:
parent
38a7e2b00a
commit
e954306786
|
@ -201,8 +201,7 @@ export default ({ getService }: FtrProviderContext) => {
|
|||
});
|
||||
});
|
||||
|
||||
// ES PROMOTION FAILURE: http://github.com/elastic/kibana/issues/86709
|
||||
describe.skip('EQL Rules', () => {
|
||||
describe('EQL Rules', () => {
|
||||
it('generates signals from EQL sequences in the expected form', async () => {
|
||||
const rule: EqlCreateSchema = {
|
||||
...getRuleForSignalTesting(['auditbeat-*']),
|
||||
|
@ -226,28 +225,26 @@ export default ({ getService }: FtrProviderContext) => {
|
|||
ancestors: [
|
||||
{
|
||||
depth: 0,
|
||||
id: 'UBXOBmkBR346wHgnLP8T',
|
||||
id: 'gCF0B2kBR346wHgnb7m0',
|
||||
index: 'auditbeat-8.0.0-2019.02.19-000001',
|
||||
type: 'event',
|
||||
},
|
||||
],
|
||||
original_event: {
|
||||
action: 'boot',
|
||||
dataset: 'login',
|
||||
kind: 'event',
|
||||
module: 'system',
|
||||
origin: '/var/log/wtmp',
|
||||
action: 'error',
|
||||
category: 'user-login',
|
||||
module: 'auditd',
|
||||
},
|
||||
parent: {
|
||||
depth: 0,
|
||||
id: 'UBXOBmkBR346wHgnLP8T',
|
||||
id: 'gCF0B2kBR346wHgnb7m0',
|
||||
index: 'auditbeat-8.0.0-2019.02.19-000001',
|
||||
type: 'event',
|
||||
},
|
||||
parents: [
|
||||
{
|
||||
depth: 0,
|
||||
id: 'UBXOBmkBR346wHgnLP8T',
|
||||
id: 'gCF0B2kBR346wHgnb7m0',
|
||||
index: 'auditbeat-8.0.0-2019.02.19-000001',
|
||||
type: 'event',
|
||||
},
|
||||
|
@ -284,7 +281,7 @@ export default ({ getService }: FtrProviderContext) => {
|
|||
ancestors: [
|
||||
{
|
||||
depth: 0,
|
||||
id: 'UBXOBmkBR346wHgnLP8T',
|
||||
id: 'gCF0B2kBR346wHgnb7m0',
|
||||
index: 'auditbeat-8.0.0-2019.02.19-000001',
|
||||
type: 'event',
|
||||
},
|
||||
|
@ -297,7 +294,7 @@ export default ({ getService }: FtrProviderContext) => {
|
|||
},
|
||||
{
|
||||
depth: 0,
|
||||
id: 'URXOBmkBR346wHgnLP8T',
|
||||
id: 'CCF0B2kBR346wHgngLtX',
|
||||
index: 'auditbeat-8.0.0-2019.02.19-000001',
|
||||
type: 'event',
|
||||
},
|
||||
|
|
Loading…
Reference in a new issue