[Detection Rules] Add 7.10 rules - v3 #82202

Closed
wants to merge 2 commits into from

brokensound77
Contributor

Summary

Pull updates to detection rules from https://github.com/elastic/detection-rules/tree/7.10.

This is the 3rd and final PR for 7.10, with updates to #81676

Checklist

@brokensound77 added the release_note:skip (Skip the PR/issue when compiling release notes), v7.10.0 and Feature:Detection Rules (Anything related to Security Solution's Detection Rules) labels on Oct 30, 2020
@brokensound77 requested a review from a team as a code owner on October 30, 2020 20:46
@brokensound77
Contributor Author

Going to re PR from fresh branch

@brokensound77 deleted the rules/7.10 branch on October 30, 2020 20:48
@kibanamachine
Contributor

kibanamachine commented Oct 30, 2020

💔 Build Failed

Test Failures

Loads prebuilt rules.Alerts rules, prebuilt rules Loads prebuilt rules

Stack Trace

Failed Tests Reporter:
  - Test has failed 1 times on tracked branches: https://github.com/elastic/kibana/issues/71300

AssertionError: Timed out retrying: Expected to find element: `[data-test-subj="load-prebuilt-rules"]`, but never found it.
    at Object../cypress/tasks/alerts_detection_rules.ts.exports.loadPrebuiltDetectionRules (http://localhost:6111/__cypress/tests?p=cypress/integration/alerts_detection_rules_prebuilt.spec.ts:14189:62)
    at Context.eval (http://localhost:6111/__cypress/tests?p=cypress/integration/alerts_detection_rules_prebuilt.spec.ts:13497:34)

"before each" hook for "Does not allow to delete one rule when more than one is selected".Deleting prebuilt rules "before each" hook for "Does not allow to delete one rule when more than one is selected"

Stack Trace

Failed Tests Reporter:
  - Test has failed 4 times on tracked branches: https://github.com/elastic/kibana/issues/68607

AssertionError: Timed out retrying: Expected to find element: `[data-test-subj="tablePaginationPopoverButton"]`, but never found it.

Because this error occurred during a `before each` hook we are skipping the remaining tests in the current suite: `Deleting prebuilt rules`
    at Object../cypress/tasks/alerts_detection_rules.ts.exports.changeToThreeHundredRowsPerPage (http://localhost:6111/__cypress/tests?p=cypress/integration/alerts_detection_rules_prebuilt.spec.ts:14153:8)
    at Context.eval (http://localhost:6111/__cypress/tests?p=cypress/integration/alerts_detection_rules_prebuilt.spec.ts:13528:34)

X-Pack Detection Engine API Integration Tests.x-pack/test/detection_engine_api_integration/security_and_spaces/tests/create_exceptions·ts.detection engine api security and spaces enabled create_rules_with_exceptions creating rules with exceptions should allow removing an exception list from an immutable rule through patch

Standard Out

Failed Tests Reporter:
  - Test has failed 1 times on tracked branches: https://dryrun

[00:00:00]       │
[00:00:00]         └-: detection engine api security and spaces enabled
[00:00:00]           └-> "before all" hook
[00:02:13]           └-: create_rules_with_exceptions
[00:02:13]             └-> "before all" hook
[00:02:13]             └-: creating rules with exceptions
[00:02:13]               └-> "before all" hook
[00:02:13]               └-> should create a single rule with a rule_id and add an exception list to the rule
[00:02:13]                 └-> "before each" hook: global before each
[00:02:13]                 └-> "before each" hook
[00:02:13]                   │ info [o.e.x.i.a.TransportPutLifecycleAction] [kibana-ci-immutable-debian-tests-xxl-1604090857918487979] adding index lifecycle policy [.siem-signals-default]
[00:02:13]                   │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-debian-tests-xxl-1604090857918487979] adding template [.siem-signals-default] for index patterns [.siem-signals-default-*]
[00:02:13]                   │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-debian-tests-xxl-1604090857918487979] [.siem-signals-default-000001] creating index, cause [api], templates [.siem-signals-default], shards [1]/[1]
[00:02:13]                   │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-debian-tests-xxl-1604090857918487979] moving index [.siem-signals-default-000001] from [null] to [{"phase":"new","action":"complete","name":"complete"}] in policy [.siem-signals-default]
[00:02:13]                   │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-debian-tests-xxl-1604090857918487979] moving index [.siem-signals-default-000001] from [{"phase":"new","action":"complete","name":"complete"}] to [{"phase":"hot","action":"unfollow","name":"wait-for-indexing-complete"}] in policy [.siem-signals-default]
[00:02:13]                 │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-debian-tests-xxl-1604090857918487979] moving index [.siem-signals-default-000001] from [{"phase":"hot","action":"unfollow","name":"wait-for-indexing-complete"}] to [{"phase":"hot","action":"unfollow","name":"wait-for-follow-shard-tasks"}] in policy [.siem-signals-default]
[00:02:13]                 │ info [o.e.c.m.MetadataMappingService] [kibana-ci-immutable-debian-tests-xxl-1604090857918487979] [.kibana_1/LVV8O6s7RvCEViGeDQh9Ng] update_mapping [_doc]
[00:02:14]                 │ proc [kibana]   log   [22:19:37.733] [error][data][elasticsearch] [version_conflict_engine_exception]: [exception-list-agnostic:endpoint_list]: version conflict, document already exists (current version [1])
[00:02:17]                 └- ✓ pass  (3.7s) "detection engine api security and spaces enabled create_rules_with_exceptions creating rules with exceptions should create a single rule with a rule_id and add an exception list to the rule"
[00:02:17]               └-> "after each" hook
[00:02:17]                 │ info [o.e.c.m.MetadataDeleteIndexService] [kibana-ci-immutable-debian-tests-xxl-1604090857918487979] [.siem-signals-default-000001/mVIVSsv9S0GpK_GplVB9VA] deleting index
[00:02:17]                 │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-debian-tests-xxl-1604090857918487979] removing template [.siem-signals-default]
[00:02:17]               └-> should create a single rule with an exception list and validate it ran successfully
[00:02:17]                 └-> "before each" hook: global before each
[00:02:17]                 └-> "before each" hook
[00:02:17]                   │ info [o.e.x.i.a.TransportPutLifecycleAction] [kibana-ci-immutable-debian-tests-xxl-1604090857918487979] adding index lifecycle policy [.siem-signals-default]
[00:02:17]                   │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-debian-tests-xxl-1604090857918487979] adding template [.siem-signals-default] for index patterns [.siem-signals-default-*]
[00:02:17]                   │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-debian-tests-xxl-1604090857918487979] [.siem-signals-default-000001] creating index, cause [api], templates [.siem-signals-default], shards [1]/[1]
[00:02:17]                   │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-debian-tests-xxl-1604090857918487979] moving index [.siem-signals-default-000001] from [null] to [{"phase":"new","action":"complete","name":"complete"}] in policy [.siem-signals-default]
[00:02:17]                   │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-debian-tests-xxl-1604090857918487979] moving index [.siem-signals-default-000001] from [{"phase":"new","action":"complete","name":"complete"}] to [{"phase":"hot","action":"unfollow","name":"wait-for-indexing-complete"}] in policy [.siem-signals-default]
[00:02:17]                 │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-debian-tests-xxl-1604090857918487979] moving index [.siem-signals-default-000001] from [{"phase":"hot","action":"unfollow","name":"wait-for-indexing-complete"}] to [{"phase":"hot","action":"unfollow","name":"wait-for-follow-shard-tasks"}] in policy [.siem-signals-default]
[00:02:24]                 │ proc [kibana]   log   [22:19:47.746] [info][eventLog][plugins] event logged: {"event":{"provider":"alerting","action":"execute","start":"2020-10-30T22:19:45.496Z","end":"2020-10-30T22:19:47.745Z","duration":2249000000,"outcome":"success"},"kibana":{"saved_objects":[{"rel":"primary","type":"alert","id":"61e0ce79-60fe-4e70-93fa-226ea15a9ce8"}],"server_uuid":"5b2de169-2785-441b-ae8c-186a1936b17d"},"message":"alert executed: siem.signals:61e0ce79-60fe-4e70-93fa-226ea15a9ce8: 'Simple Rule Query'","@timestamp":"2020-10-30T22:19:47.745Z","ecs":{"version":"1.5.0"}}
[00:02:24]                 └- ✓ pass  (6.7s) "detection engine api security and spaces enabled create_rules_with_exceptions creating rules with exceptions should create a single rule with an exception list and validate it ran successfully"
[00:02:24]               └-> "after each" hook
[00:02:24]                 │ info [o.e.c.m.MetadataDeleteIndexService] [kibana-ci-immutable-debian-tests-xxl-1604090857918487979] [.siem-signals-default-000001/e60rifO0SO6Jv8P_2po_jA] deleting index
[00:02:24]                 │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-debian-tests-xxl-1604090857918487979] removing template [.siem-signals-default]
[00:02:25]               └-> should allow removing an exception list from an immutable rule through patch
[00:02:25]                 └-> "before each" hook: global before each
[00:02:25]                 └-> "before each" hook
[00:02:25]                   │ info [o.e.x.i.a.TransportPutLifecycleAction] [kibana-ci-immutable-debian-tests-xxl-1604090857918487979] adding index lifecycle policy [.siem-signals-default]
[00:02:25]                   │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-debian-tests-xxl-1604090857918487979] adding template [.siem-signals-default] for index patterns [.siem-signals-default-*]
[00:02:25]                   │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-debian-tests-xxl-1604090857918487979] [.siem-signals-default-000001] creating index, cause [api], templates [.siem-signals-default], shards [1]/[1]
[00:02:25]                   │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-debian-tests-xxl-1604090857918487979] moving index [.siem-signals-default-000001] from [null] to [{"phase":"new","action":"complete","name":"complete"}] in policy [.siem-signals-default]
[00:02:25]                   │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-debian-tests-xxl-1604090857918487979] moving index [.siem-signals-default-000001] from [{"phase":"new","action":"complete","name":"complete"}] to [{"phase":"hot","action":"unfollow","name":"wait-for-indexing-complete"}] in policy [.siem-signals-default]
[00:02:25]                 │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-debian-tests-xxl-1604090857918487979] moving index [.siem-signals-default-000001] from [{"phase":"hot","action":"unfollow","name":"wait-for-indexing-complete"}] to [{"phase":"hot","action":"unfollow","name":"wait-for-follow-shard-tasks"}] in policy [.siem-signals-default]
[00:02:28]                 └- ✖ fail: detection engine api security and spaces enabled create_rules_with_exceptions creating rules with exceptions should allow removing an exception list from an immutable rule through patch
[00:02:28]                 │      Error: expected 200 "OK", got 500 "Internal Server Error"
[00:02:28]                 │       at Test._assertStatus (/dev/shm/workspace/kibana/node_modules/supertest/lib/test.js:268:12)
[00:02:28]                 │       at Test._assertFunction (/dev/shm/workspace/kibana/node_modules/supertest/lib/test.js:283:11)
[00:02:28]                 │       at Test.assert (/dev/shm/workspace/kibana/node_modules/supertest/lib/test.js:173:18)
[00:02:28]                 │       at assert (/dev/shm/workspace/kibana/node_modules/supertest/lib/test.js:131:12)
[00:02:28]                 │       at /dev/shm/workspace/kibana/node_modules/supertest/lib/test.js:128:5
[00:02:28]                 │       at Test.Request.callback (/dev/shm/workspace/kibana/node_modules/superagent/lib/node/index.js:718:3)
[00:02:28]                 │       at parser (/dev/shm/workspace/kibana/node_modules/superagent/lib/node/index.js:906:18)
[00:02:28]                 │       at IncomingMessage.res.on (/dev/shm/workspace/kibana/node_modules/superagent/lib/node/parsers/json.js:19:7)
[00:02:28]                 │       at endReadableNT (_stream_readable.js:1145:12)
[00:02:28]                 │       at process._tickCallback (internal/process/next_tick.js:63:19)
[00:02:28]                 │ 
[00:02:28]                 │ 

Stack Trace

Error: expected 200 "OK", got 500 "Internal Server Error"
    at Test._assertStatus (/dev/shm/workspace/kibana/node_modules/supertest/lib/test.js:268:12)
    at Test._assertFunction (/dev/shm/workspace/kibana/node_modules/supertest/lib/test.js:283:11)
    at Test.assert (/dev/shm/workspace/kibana/node_modules/supertest/lib/test.js:173:18)
    at assert (/dev/shm/workspace/kibana/node_modules/supertest/lib/test.js:131:12)
    at /dev/shm/workspace/kibana/node_modules/supertest/lib/test.js:128:5
    at Test.Request.callback (/dev/shm/workspace/kibana/node_modules/superagent/lib/node/index.js:718:3)
    at parser (/dev/shm/workspace/kibana/node_modules/superagent/lib/node/index.js:906:18)
    at IncomingMessage.res.on (/dev/shm/workspace/kibana/node_modules/superagent/lib/node/parsers/json.js:19:7)
    at endReadableNT (_stream_readable.js:1145:12)
    at process._tickCallback (internal/process/next_tick.js:63:19)

and 1 more failures, only showing the first 3.

Metrics [docs]

distributable file count

| id | before | after | diff |
| --- | --- | --- | --- |
| default | 48088 | 48082 | -6 |

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream
