Skip to content

Failing test: X-Pack Detection Engine API Integration Tests.x-pack/test/detection_engine_api_integration/security_and_spaces/tests/create_threat_matching·ts - detection engine api security and spaces enabled create_threat_matching tests with auditbeat data indicator enrichment adds a single indicator that matched multiple fields #127770

New issue
Jump to bottom
New issue
Jump to bottom
Closed
Closed
Failing test: X-Pack Detection Engine API Integration Tests.x-pack/test/detection_engine_api_integration/security_and_spaces/tests/create_threat_matching·ts - detection engine api security and spaces enabled create_threat_matching tests with auditbeat data indicator enrichment adds a single indicator that matched multiple fields#127770
Labels
Team: CTITeam: SecuritySolutionSecurity Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.failed-testA test failure on a tracked branch, potentially flaky-test
@kibanamachine

Description

@kibanamachine
kibanamachine
opened on Mar 15, 2022

A test failed on a tracked branch

Error: expected [
  {
    "indicator": {
      "first_seen": "2021-01-26T11:06:03.000Z",
      "port": 57324,
      "provider": "geenensp",
      "ip": "45.115.45.3",
      "description": "this should match auditbeat/hosts on both port and ip",
      "type": "url"
    },
    "feed": {},
    "matched": {
      "atomic": "45.115.45.3",
      "field": "source.ip",
      "id": "978785",
      "index": "filebeat-8.0.0-2021.01.26-000001",
      "type": "indicator_match_rule"
    }
  },
  {
    "indicator": {
      "first_seen": "2021-01-26T11:06:03.000Z",
      "port": 57324,
      "provider": "geenensp",
      "ip": "45.115.45.3",
      "description": "this should match auditbeat/hosts on both port and ip",
      "type": "url"
    },
    "feed": {},
    "matched": {
      "atomic": 57324,
      "field": "source.port",
      "id": "978785",
      "index": "filebeat-8.0.0-2021.01.26-000001",
      "type": "indicator_match_rule"
    }
  }
] to contain {
  "feed": {},
  "indicator": {
    "description": "this should match auditbeat/hosts on ip",
    "first_seen": "2021-01-26T11:06:03.000Z",
    "ip": "45.115.45.3",
    "provider": "other_provider",
    "type": "ip"
  },
  "matched": {
    "atomic": "45.115.45.3",
    "id": "978787",
    "index": "filebeat-8.0.0-2021.01.26-000001",
    "field": "source.ip",
    "type": "indicator_match_rule"
  }
}
    at Assertion.assert (/opt/local-ssd/buildkite/builds/kb-n2-4-9f8761dbe84f10c0/elastic/kibana-hourly/kibana/node_modules/@kbn/expect/expect.js:100:11)
    at Assertion.eql (/opt/local-ssd/buildkite/builds/kb-n2-4-9f8761dbe84f10c0/elastic/kibana-hourly/kibana/node_modules/@kbn/expect/expect.js:244:8)
    at forEach (test/detection_engine_api_integration/security_and_spaces/tests/create_threat_matching.ts:57:71)
    at Array.forEach (<anonymous>)
    at assertContains (test/detection_engine_api_integration/security_and_spaces/tests/create_threat_matching.ts:56:12)
    at Context.<anonymous> (test/detection_engine_api_integration/security_and_spaces/tests/create_threat_matching.ts:725:11)
    at runMicrotasks (<anonymous>)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
    at Object.apply (/opt/local-ssd/buildkite/builds/kb-n2-4-9f8761dbe84f10c0/elastic/kibana-hourly/kibana/node_modules/@kbn/test/target_node/functional_test_runner/lib/mocha/wrap_function.js:87:16) {
  actual: 'false',
  expected: 'true',
  showDiff: true
}

First failure: CI Build - main

Metadata

Assignees

No one assigned

    Labels

    Team: CTITeam: SecuritySolutionSecurity Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.failed-testA test failure on a tracked branch, potentially flaky-test

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions