Failing test: X-Pack Endpoint Functional Tests.x-pack/test/security_solution_endpoint/apps/endpoint/endpoint_solution_integrations·ts - endpoint App level Endpoint functionality from Timeline "before all" hook for "should show Isolation action in alert details" #140701

Closed
kibanamachine opened this issue Sep 14, 2022 · 11 comments · Fixed by #144133
Labels
failed-test A test failure on a tracked branch, potentially flaky-test OLM Sprint Team:Defend Workflows “EDR Workflows” sub-team of Security Solution Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.

Comments

@kibanamachine
Contributor

kibanamachine commented Sep 14, 2022

A test failed on a tracked branch

Error: Timeout of 360000ms exceeded. For async tests and hooks, ensure "done()" is called; if returning a Promise, ensure it resolves. (/var/lib/buildkite-agent/builds/kb-n2-4-spot-cd1f6217d1bd1b3e/elastic/kibana-on-merge/kibana/x-pack/test/security_solution_endpoint/apps/endpoint/endpoint_solution_integrations.ts)
    at listOnTimeout (node:internal/timers:559:17)
    at processTimers (node:internal/timers:502:7) {
  code: 'ERR_MOCHA_TIMEOUT',
  timeout: 360000,
  file: '/var/lib/buildkite-agent/builds/kb-n2-4-spot-cd1f6217d1bd1b3e/elastic/kibana-on-merge/kibana/x-pack/test/security_solution_endpoint/apps/endpoint/endpoint_solution_integrations.ts'
}

First failure: CI Build - main

@kibanamachine kibanamachine added the failed-test A test failure on a tracked branch, potentially flaky-test label Sep 14, 2022
@botelastic botelastic bot added the needs-team Issues missing a team label label Sep 14, 2022
@kibanamachine kibanamachine added the Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. label Sep 14, 2022
@elasticmachine
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@botelastic botelastic bot removed the needs-team Issues missing a team label label Sep 14, 2022
@kevinlog kevinlog added the Team:Defend Workflows “EDR Workflows” sub-team of Security Solution label Sep 14, 2022
@elasticmachine
Contributor

Pinging @elastic/security-onboarding-and-lifecycle-mgt (Team:Onboarding and Lifecycle Mgt)

@paul-tavares
Contributor

Will take a look. This (I think) has something to do with the Endpoint rule perhaps not processing the events when stopped/started.

@paul-tavares
Contributor

The failure seems to have occurred while waiting for Alerts to be created by the Endpoint Rule in security solution. We keep pinging the API until the alerts for the endpoint data we loaded for the test case show up, but for whatever reason, they never show up.

I would like to see the Kibana server log to see if any errors were logged there while the test was running. The fact that we timed out waiting for the alerts might indicate that the Endpoint rule never ran or might have encountered an error while it was running.

Not sure what might be causing this to fail. Will continue to monitor.

@kibanamachine
Contributor Author

New failure: CI Build - 8.5

@kibanamachine
Contributor Author

New failure: CI Build - 8.5

@kibanamachine
Contributor Author

New failure: CI Build - main

spalger pushed a commit that referenced this issue Sep 23, 2022
spalger pushed a commit that referenced this issue Sep 23, 2022
@spalger
Contributor

spalger commented Sep 23, 2022

6 failures in the last week across 8.5 and main, skipped

main/8.6: 15e4a3f
8.5: d9247c8

@kevinlog
Contributor

@paul-tavares

> I would like to see the Kibana server log to see if any errors were logged there while the test was running. The fact that we timed out waiting for the alerts might indicate that the Endpoint rule never ran or might have encountered an error while it was running.

Can we populate alerts directly into the alerts index and not wait for Endpoint rule promotion? My guess is that the Detections team does something like this with their integration tests in Alerts.

@paul-tavares
Contributor

@kevinlog,

re: "...Can we populate alerts directly into the alerts index..."

Maybe. I'll look into it to see if it's possible.

@paul-tavares
Contributor

PR opened: #144133

@kevinlog,
I seem ( 🤞 ) to have been successful at loading Endpoint (rule) Alerts directly to the index instead of waiting for the rule to run. Let's hope that does it.
