[7.12] [Security Solution] Narrow down indices to match case descript…

…ions (#89592) (#92284) * [Security Solution] Narrow down indices to match case descriptions (#89592) * update default index to match with description * narrow down indices to match case description * run specific tests * run only security solution's tests * debug users integration test * wait_for_completion_timeout * run only security_solution * add back integration tests * avoid multiple requests * uncomment tests * unskip tests * add smaller mock data for users and uncommon_processes * put test back Co-authored-by: Kibana Machine <[email protected]> # Conflicts: # x-pack/test/api_integration/apis/security_solution/users.ts * update mocked users data * update mocked index * update mocked index * update mocked index * update mock data
elastic · Feb 23, 2021 · eeb6316 · eeb6316
1 parent 1dfb7d9
commit eeb6316
Show file tree

Hide file tree

Showing 21 changed files with 4,150,464 additions and 170 deletions.
diff --git a/x-pack/test/api_integration/apis/security_solution/authentications.ts b/x-pack/test/api_integration/apis/security_solution/authentications.ts
@@ -44,9 +44,10 @@ export default function ({ getService }: FtrProviderContext) {
             fakePossibleCount: 3,
             querySize: 1,
           },
-          defaultIndex: ['auditbeat-*', 'filebeat-*', 'packetbeat-*', 'winlogbeat-*'],
+          defaultIndex: ['auditbeat-*'],
           docValueFields: [],
           inspect: false,
+          wait_for_completion_timeout: '10s',
         })
         .expect(200);
 
@@ -72,9 +73,10 @@ export default function ({ getService }: FtrProviderContext) {
             fakePossibleCount: 5,
             querySize: 2,
           },
-          defaultIndex: ['auditbeat-*', 'filebeat-*', 'packetbeat-*', 'winlogbeat-*'],
+          defaultIndex: ['auditbeat-*'],
           docValueFields: [],
           inspect: false,
+          wait_for_completion_timeout: '10s',
         })
         .expect(200);
 

diff --git a/x-pack/test/api_integration/apis/security_solution/host_details.ts b/x-pack/test/api_integration/apis/security_solution/host_details.ts
@@ -229,6 +229,7 @@ export default function ({ getService }: FtrProviderContext) {
             docValueFields: [],
             hostName: 'raspberrypi',
             inspect: false,
+            wait_for_completion_timeout: '10s',
           })
           .expect(200);
         expect(hostDetails).to.eql(expectedResult.hostDetails);

diff --git a/x-pack/test/api_integration/apis/security_solution/hosts.ts b/x-pack/test/api_integration/apis/security_solution/hosts.ts
@@ -42,7 +42,7 @@ export default function ({ getService }: FtrProviderContext) {
             to: TO,
             from: FROM,
           },
-          defaultIndex: ['auditbeat-*', 'filebeat-*', 'packetbeat-*', 'winlogbeat-*'],
+          defaultIndex: ['auditbeat-*'],
           docValueFields: [],
           sort: {
             field: HostsFields.lastSeen,
@@ -55,6 +55,7 @@ export default function ({ getService }: FtrProviderContext) {
             querySize: 1,
           },
           inspect: false,
+          wait_for_completion_timeout: '10s',
         })
         .expect(200);
       expect(hosts.edges.length).to.be(EDGE_LENGTH);
@@ -77,7 +78,7 @@ export default function ({ getService }: FtrProviderContext) {
             field: HostsFields.lastSeen,
             direction: Direction.asc,
           },
-          defaultIndex: ['auditbeat-*', 'filebeat-*', 'packetbeat-*', 'winlogbeat-*'],
+          defaultIndex: ['auditbeat-*'],
           docValueFields: [],
           pagination: {
             activePage: 2,
@@ -86,6 +87,7 @@ export default function ({ getService }: FtrProviderContext) {
             querySize: 2,
           },
           inspect: false,
+          wait_for_completion_timeout: '10s',
         })
         .expect(200);
       expect(hosts.edges.length).to.be(EDGE_LENGTH);
@@ -133,9 +135,10 @@ export default function ({ getService }: FtrProviderContext) {
             to: TO,
             from: FROM,
           },
-          defaultIndex: ['auditbeat-*', 'filebeat-*', 'packetbeat-*', 'winlogbeat-*'],
+          defaultIndex: ['auditbeat-*'],
           docValueFields: [],
           inspect: false,
+          wait_for_completion_timeout: '10s',
         })
         .expect(200);
 
@@ -148,10 +151,11 @@ export default function ({ getService }: FtrProviderContext) {
         .set('kbn-xsrf', 'true')
         .send({
           factoryQueryType: HostsQueries.firstOrLastSeen,
-          defaultIndex: ['auditbeat-*', 'filebeat-*', 'packetbeat-*', 'winlogbeat-*'],
+          defaultIndex: ['auditbeat-*'],
           docValueFields: [],
           hostName: 'zeek-sensor-san-francisco',
           order: 'asc',
+          wait_for_completion_timeout: '10s',
         })
         .expect(200);
       expect(firstLastSeenHost.firstSeen).to.eql('2019-02-19T19:36:23.561Z');
@@ -163,10 +167,11 @@ export default function ({ getService }: FtrProviderContext) {
         .set('kbn-xsrf', 'true')
         .send({
           factoryQueryType: HostsQueries.firstOrLastSeen,
-          defaultIndex: ['auditbeat-*', 'filebeat-*', 'packetbeat-*', 'winlogbeat-*'],
+          defaultIndex: ['auditbeat-*'],
           docValueFields: [],
           hostName: 'zeek-sensor-san-francisco',
           order: 'desc',
+          wait_for_completion_timeout: '10s',
         })
         .expect(200);
       expect(firstLastSeenHost.lastSeen).to.eql('2019-02-19T20:42:33.561Z');
@@ -182,6 +187,7 @@ export default function ({ getService }: FtrProviderContext) {
           docValueFields: [{ field: '@timestamp', format: 'epoch_millis' }],
           hostName: 'zeek-sensor-san-francisco',
           order: 'asc',
+          wait_for_completion_timeout: '10s',
         })
         .expect(200);
       expect(firstLastSeenHost.firstSeen).to.eql(new Date('2019-02-19T19:36:23.561Z').valueOf());
@@ -197,6 +203,7 @@ export default function ({ getService }: FtrProviderContext) {
           docValueFields: [{ field: '@timestamp', format: 'epoch_millis' }],
           hostName: 'zeek-sensor-san-francisco',
           order: 'desc',
+          wait_for_completion_timeout: '10s',
         })
         .expect(200);
       expect(firstLastSeenHost.lastSeen).to.eql(new Date('2019-02-19T20:42:33.561Z').valueOf());

diff --git a/x-pack/test/api_integration/apis/security_solution/kpi_hosts.ts b/x-pack/test/api_integration/apis/security_solution/kpi_hosts.ts
@@ -98,6 +98,7 @@ export default function ({ getService }: FtrProviderContext) {
             defaultIndex: ['filebeat-*'],
             docValueFields: [],
             inspect: false,
+            wait_for_completion_timeout: '10s',
           })
           .expect(200);
 
@@ -119,6 +120,10 @@ export default function ({ getService }: FtrProviderContext) {
             defaultIndex: ['filebeat-*'],
             docValueFields: [],
             inspect: false,
+            /* We need a very long timeout to avoid returning just partial data.
+             ** https://github.com/elastic/kibana/blob/master/x-pack/test/api_integration/apis/search/search.ts#L18
+             */
+            wait_for_completion_timeout: '10s',
           })
           .expect(200);
         expect(body.authenticationsSuccess!).to.eql(expectedResult.authSuccess);
@@ -141,6 +146,7 @@ export default function ({ getService }: FtrProviderContext) {
             defaultIndex: ['filebeat-*'],
             docValueFields: [],
             inspect: false,
+            wait_for_completion_timeout: '10s',
           })
           .expect(200);
         expect(body.uniqueDestinationIps!).to.eql(expectedResult.uniqueDestinationIps);
@@ -224,6 +230,7 @@ export default function ({ getService }: FtrProviderContext) {
             defaultIndex: ['auditbeat-*'],
             docValueFields: [],
             inspect: false,
+            wait_for_completion_timeout: '10s',
           })
           .expect(200);
 
@@ -245,6 +252,7 @@ export default function ({ getService }: FtrProviderContext) {
             defaultIndex: ['auditbeat-*'],
             docValueFields: [],
             inspect: false,
+            wait_for_completion_timeout: '10s',
           })
           .expect(200);
         expect(body.authenticationsSuccess!).to.eql(expectedResult.authSuccess);
@@ -267,6 +275,7 @@ export default function ({ getService }: FtrProviderContext) {
             defaultIndex: ['auditbeat-*'],
             docValueFields: [],
             inspect: false,
+            wait_for_completion_timeout: '10s',
           })
           .expect(200);
         expect(body.uniqueDestinationIps!).to.eql(expectedResult.uniqueDestinationIps);

diff --git a/x-pack/test/api_integration/apis/security_solution/kpi_network.ts b/x-pack/test/api_integration/apis/security_solution/kpi_network.ts
@@ -79,6 +79,7 @@ export default function ({ getService }: FtrProviderContext) {
             defaultIndex: ['filebeat-*'],
             docValueFields: [],
             inspect: false,
+            wait_for_completion_timeout: '10s',
           })
           .expect(200);
 
@@ -99,6 +100,7 @@ export default function ({ getService }: FtrProviderContext) {
             defaultIndex: ['filebeat-*'],
             docValueFields: [],
             inspect: false,
+            wait_for_completion_timeout: '10s',
           })
           .expect(200);
 
@@ -119,6 +121,7 @@ export default function ({ getService }: FtrProviderContext) {
             defaultIndex: ['filebeat-*'],
             docValueFields: [],
             inspect: false,
+            wait_for_completion_timeout: '10s',
           })
           .expect(200);
 
@@ -139,6 +142,7 @@ export default function ({ getService }: FtrProviderContext) {
             defaultIndex: ['filebeat-*'],
             docValueFields: [],
             inspect: false,
+            wait_for_completion_timeout: '10s',
           })
           .expect(200);
 
@@ -159,6 +163,7 @@ export default function ({ getService }: FtrProviderContext) {
             defaultIndex: ['filebeat-*'],
             docValueFields: [],
             inspect: false,
+            wait_for_completion_timeout: '10s',
           })
           .expect(200);
 
@@ -179,6 +184,7 @@ export default function ({ getService }: FtrProviderContext) {
             defaultIndex: ['filebeat-*'],
             docValueFields: [],
             inspect: false,
+            wait_for_completion_timeout: '10s',
           })
           .expect(200);
 
@@ -226,6 +232,7 @@ export default function ({ getService }: FtrProviderContext) {
             defaultIndex: ['packetbeat-*'],
             docValueFields: [],
             inspect: false,
+            wait_for_completion_timeout: '10s',
           })
           .expect(200);
 
@@ -246,6 +253,7 @@ export default function ({ getService }: FtrProviderContext) {
             defaultIndex: ['packetbeat-*'],
             docValueFields: [],
             inspect: false,
+            wait_for_completion_timeout: '10s',
           })
           .expect(200);
 
@@ -266,6 +274,7 @@ export default function ({ getService }: FtrProviderContext) {
             defaultIndex: ['packetbeat-*'],
             docValueFields: [],
             inspect: false,
+            wait_for_completion_timeout: '10s',
           })
           .expect(200);
 
@@ -286,6 +295,7 @@ export default function ({ getService }: FtrProviderContext) {
             defaultIndex: ['packetbeat-*'],
             docValueFields: [],
             inspect: false,
+            wait_for_completion_timeout: '10s',
           })
           .expect(200);
 
@@ -306,6 +316,7 @@ export default function ({ getService }: FtrProviderContext) {
             defaultIndex: ['packetbeat-*'],
             docValueFields: [],
             inspect: false,
+            wait_for_completion_timeout: '10s',
           })
           .expect(200);
 

diff --git a/x-pack/test/api_integration/apis/security_solution/network_details.ts b/x-pack/test/api_integration/apis/security_solution/network_details.ts
@@ -24,10 +24,11 @@ export default function ({ getService }: FtrProviderContext) {
           .set('kbn-xsrf', 'true')
           .send({
             ip: '151.205.0.17',
-            defaultIndex: ['auditbeat-*', 'filebeat-*', 'packetbeat-*', 'winlogbeat-*'],
+            defaultIndex: ['filebeat-*'],
             factoryQueryType: NetworkQueries.details,
             docValueFields: [],
             inspect: false,
+            wait_for_completion_timeout: '10s',
           })
           .expect(200);
 
@@ -51,6 +52,7 @@ export default function ({ getService }: FtrProviderContext) {
             factoryQueryType: NetworkQueries.details,
             docValueFields: [],
             inspect: false,
+            wait_for_completion_timeout: '10s',
           })
           .expect(200);
 

diff --git a/x-pack/test/api_integration/apis/security_solution/network_dns.ts b/x-pack/test/api_integration/apis/security_solution/network_dns.ts
@@ -32,15 +32,7 @@ export default function ({ getService }: FtrProviderContext) {
           .post('/internal/search/securitySolutionSearchStrategy/')
           .set('kbn-xsrf', 'true')
           .send({
-            defaultIndex: [
-              'apm-*-transaction*',
-              'auditbeat-*',
-              'endgame-*',
-              'filebeat-*',
-              'logs-*',
-              'packetbeat-*',
-              'winlogbeat-*',
-            ],
+            defaultIndex: ['packetbeat-*'],
             docValueFields: [],
             factoryQueryType: NetworkQueries.dns,
             filterQuery:
@@ -53,6 +45,7 @@ export default function ({ getService }: FtrProviderContext) {
               to: TO,
               from: FROM,
             },
+            wait_for_completion_timeout: '10s',
           })
           .expect(200);
 
@@ -70,7 +63,7 @@ export default function ({ getService }: FtrProviderContext) {
           .set('kbn-xsrf', 'true')
           .send({
             ip: '151.205.0.17',
-            defaultIndex: ['auditbeat-*', 'filebeat-*', 'packetbeat-*', 'winlogbeat-*'],
+            defaultIndex: ['packetbeat-*'],
             factoryQueryType: NetworkQueries.dns,
             docValueFields: [],
             inspect: false,
@@ -87,6 +80,7 @@ export default function ({ getService }: FtrProviderContext) {
               to: TO,
               from: FROM,
             },
+            wait_for_completion_timeout: '10s',
           })
           .expect(200);