[Security Solution][Detections] Re-enable skipped integration test (#87254) (#87397)

rylnd · kibanamachine · web-flow · commit eac0359d1fc5 · 2021-01-05T18:23:33.000-06:00
* Re-enable test skipped due to temporary failure This failure may still be present/intermittent, but it passes reliably locally; trying again on CI to check status. * Triggering build This should fail on the latest snapshot * Update EQL integration tests to reflect new default pipe We were previously using what is effectively `results | head` to retrieve the desired amount of results. The default behavior was changed in elastic/elasticsearch#66387, which caused these tests to fail as different results were returned over such a large dataset. Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/generating_signals.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/generating_signals.ts
@@ -201,8 +201,7 @@ export default ({ getService }: FtrProviderContext) => {
         });
       });
 
-      // ES PROMOTION FAILURE: http://github.com/elastic/kibana/issues/86709
-      describe.skip('EQL Rules', () => {
+      describe('EQL Rules', () => {
         it('generates signals from EQL sequences in the expected form', async () => {
           const rule: EqlCreateSchema = {
             ...getRuleForSignalTesting(['auditbeat-*']),
@@ -226,28 +225,26 @@ export default ({ getService }: FtrProviderContext) => {
             ancestors: [
               {
                 depth: 0,
-                id: 'UBXOBmkBR346wHgnLP8T',
+                id: 'gCF0B2kBR346wHgnb7m0',
                 index: 'auditbeat-8.0.0-2019.02.19-000001',
                 type: 'event',
               },
             ],
             original_event: {
-              action: 'boot',
-              dataset: 'login',
-              kind: 'event',
-              module: 'system',
-              origin: '/var/log/wtmp',
+              action: 'error',
+              category: 'user-login',
+              module: 'auditd',
             },
             parent: {
               depth: 0,
-              id: 'UBXOBmkBR346wHgnLP8T',
+              id: 'gCF0B2kBR346wHgnb7m0',
               index: 'auditbeat-8.0.0-2019.02.19-000001',
               type: 'event',
             },
             parents: [
               {
                 depth: 0,
-                id: 'UBXOBmkBR346wHgnLP8T',
+                id: 'gCF0B2kBR346wHgnb7m0',
                 index: 'auditbeat-8.0.0-2019.02.19-000001',
                 type: 'event',
               },
@@ -284,7 +281,7 @@ export default ({ getService }: FtrProviderContext) => {
             ancestors: [
               {
                 depth: 0,
-                id: 'UBXOBmkBR346wHgnLP8T',
+                id: 'gCF0B2kBR346wHgnb7m0',
                 index: 'auditbeat-8.0.0-2019.02.19-000001',
                 type: 'event',
               },
@@ -297,7 +294,7 @@ export default ({ getService }: FtrProviderContext) => {
               },
               {
                 depth: 0,
-                id: 'URXOBmkBR346wHgnLP8T',
+                id: 'CCF0B2kBR346wHgngLtX',
                 index: 'auditbeat-8.0.0-2019.02.19-000001',
                 type: 'event',
               },
