Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security Solution][Case] Push ITSM comments as work notes #93916

Merged
merged 4 commits into from
Mar 8, 2021
Merged

[Security Solution][Case] Push ITSM comments as work notes #93916

merged 4 commits into from
Mar 8, 2021

Conversation

cnasikas
Copy link
Member

@cnasikas cnasikas commented Mar 8, 2021
edited
Loading

Summary

ServiceNow ITSM has two fields for creating comments work notes and comments. Work notes are for internal use and the comments are for public use. Comments in Elastic are the not the same as comments in ServiceNow. This PR fixes this issue and push Cases/Alerts comments as work notes. It also improves the error messaging.

Checklist

Delete any items that are not applicable to this PR.

For maintainers

@cnasikas cnasikas added release_note:fix v8.0.0 v7.12.0 Team:Threat Hunting Security Solution Threat Hunting Team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. v7.13.0 labels Mar 8, 2021
@cnasikas cnasikas self-assigned this Mar 8, 2021
@cnasikas cnasikas requested review from a team as code owners March 8, 2021 11:01
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-threat-hunting (Team:Threat Hunting)

@elasticmachine
Copy link
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@kibanamachine
Copy link
Contributor

💛 Build succeeded, but was flaky

Test Failures

Kibana Pipeline / general / X-Pack API Integration Tests.x-pack/test/api_integration/apis/security_solution/users·ts.apis SecuritySolution Endpoints Users With auditbeat Ensure data is returned from auditbeat

Link to Jenkins

Standard Out

Failed Tests Reporter:
  - Test has not failed recently on tracked branches

[00:00:00]       │
[00:00:00]         └-: apis
[00:00:00]           └-> "before all" hook in "apis"
[00:05:24]           └-: SecuritySolution Endpoints
[00:05:24]             └-> "before all" hook in "SecuritySolution Endpoints"
[00:06:35]             └-: Users
[00:06:35]               └-> "before all" hook in "Users"
[00:06:35]               └-: With auditbeat
[00:06:35]                 └-> "before all" hook for "Ensure data is returned from auditbeat"
[00:06:35]                 └-> "before all" hook for "Ensure data is returned from auditbeat"
[00:06:35]                   │ info [auditbeat/users] Loading "mappings.json"
[00:06:35]                   │ info [auditbeat/users] Loading "data.json"
[00:06:35]                   │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1615201685127995231] [auditbeat-users] creating index, cause [api], templates [], shards [1]/[0]
[00:06:35]                   │ info [auditbeat/users] Created index "auditbeat-users"
[00:06:35]                   │ debg [auditbeat/users] "auditbeat-users" settings {"index":{"codec":"best_compression","mapping":{"total_fields":{"limit":"10000"}},"refresh_interval":"5s","number_of_shards":"1","query":{"default_field":["beat.name","beat.hostname","beat.timezone","beat.version","tags","error.message","error.type","meta.cloud.provider","meta.cloud.instance_id","meta.cloud.instance_name","meta.cloud.machine_type","meta.cloud.availability_zone","meta.cloud.project_id","meta.cloud.region","docker.container.id","docker.container.image","docker.container.name","host.name","host.id","host.architecture","host.os.platform","host.os.version","host.os.family","host.mac","kubernetes.pod.name","kubernetes.pod.uid","kubernetes.namespace","kubernetes.node.name","kubernetes.container.name","kubernetes.container.image","event.module","event.action","file.path","raw","file.target_path","file.type","file.device","file.inode","file.uid","file.owner","file.gid","file.group","file.mode","file.origin","raw","file.selinux.user","file.selinux.role","file.selinux.domain","file.selinux.level","event.category","event.type","user.auid","user.uid","user.euid","user.fsuid","user.suid","user.gid","user.egid","user.sgid","user.fsgid","user.name_map.auid","user.name_map.uid","user.name_map.euid","user.name_map.fsuid","user.name_map.suid","user.name_map.gid","user.name_map.egid","user.name_map.sgid","user.name_map.fsgid","user.selinux.user","user.selinux.role","user.selinux.domain","user.selinux.level","user.selinux.category","process.pid","process.ppid","process.name","process.title","process.exe","process.cwd","process.args","source.port","source.hostname","source.path","destination.port","destination.hostname","destination.path","network.direction","auditd.session","auditd.result","auditd.summary.actor.primary","auditd.summary.actor.secondary","auditd.summary.object.type","auditd.summary.object.primary","auditd.summary.object.secondary","auditd.summary.how","auditd.paths.inode","auditd.paths.dev","auditd.paths.obj_user","auditd.paths.obj_role","auditd.paths.obj_domain","auditd.paths.obj_level","auditd.paths.objtype","auditd.paths.ouid","auditd.paths.rdev","auditd.paths.nametype","auditd.paths.ogid","auditd.paths.item","auditd.paths.mode","auditd.paths.name","auditd.data.action","auditd.data.minor","auditd.data.acct","auditd.data.addr","auditd.data.cipher","auditd.data.id","auditd.data.entries","auditd.data.kind","auditd.data.ksize","auditd.data.spid","auditd.data.arch","auditd.data.argc","auditd.data.major","auditd.data.unit","auditd.data.table","auditd.data.terminal","auditd.data.grantors","auditd.data.direction","auditd.data.op","auditd.data.tty","auditd.data.syscall","auditd.data.data","auditd.data.family","auditd.data.mac","auditd.data.pfs","auditd.data.items","auditd.data.a0","auditd.data.a1","auditd.data.a2","auditd.data.a3","auditd.data.hostname","auditd.data.lport","auditd.data.rport","auditd.data.exit","auditd.data.fp","auditd.data.laddr","auditd.data.sport","auditd.data.capability","auditd.data.nargs","auditd.data.new-enabled","auditd.data.audit_backlog_limit","auditd.data.dir","auditd.data.cap_pe","auditd.data.model","auditd.data.new_pp","auditd.data.old-enabled","auditd.data.oauid","auditd.data.old","auditd.data.banners","auditd.data.feature","auditd.data.vm-ctx","auditd.data.opid","auditd.data.seperms","auditd.data.seresult","auditd.data.new-rng","auditd.data.old-net","auditd.data.sigev_signo","auditd.data.ino","auditd.data.old_enforcing","auditd.data.old-vcpu","auditd.data.range","auditd.data.res","auditd.data.added","auditd.data.fam","auditd.data.nlnk-pid","auditd.data.subj","auditd.data.a[0-3]","auditd.data.cgroup","auditd.data.kernel","auditd.data.ocomm","auditd.data.new-net","auditd.data.permissive","auditd.data.class","auditd.data.compat","auditd.data.fi","auditd.data.changed","auditd.data.msg","auditd.data.dport","auditd.data.new-seuser","auditd.data.invalid_context","auditd.data.dmac","auditd.data.ipx-net","auditd.data.iuid","auditd.data.macproto","auditd.data.obj","auditd.data.ipid","auditd.data.new-fs","auditd.data.vm-pid","auditd.data.cap_pi","auditd.data.old-auid","auditd.data.oses","auditd.data.fd","auditd.data.igid","auditd.data.new-disk","auditd.data.parent","auditd.data.len","auditd.data.oflag","auditd.data.uuid","auditd.data.code","auditd.data.nlnk-grp","auditd.data.cap_fp","auditd.data.new-mem","auditd.data.seperm","auditd.data.enforcing","auditd.data.new-chardev","auditd.data.old-rng","auditd.data.outif","auditd.data.cmd","auditd.data.hook","auditd.data.new-level","auditd.data.sauid","auditd.data.sig","auditd.data.audit_backlog_wait_time","auditd.data.printer","auditd.data.old-mem","auditd.data.perm","auditd.data.old_pi","auditd.data.state","auditd.data.format","auditd.data.new_gid","auditd.data.tcontext","auditd.data.maj","auditd.data.watch","auditd.data.device","auditd.data.grp","auditd.data.bool","auditd.data.icmp_type","auditd.data.new_lock","auditd.data.old_prom","auditd.data.acl","auditd.data.ip","auditd.data.new_pi","auditd.data.default-context","auditd.data.inode_gid","auditd.data.new-log_passwd","auditd.data.new_pe","auditd.data.selected-context","auditd.data.cap_fver","auditd.data.file","auditd.data.net","auditd.data.virt","auditd.data.cap_pp","auditd.data.old-range","auditd.data.resrc","auditd.data.new-range","auditd.data.obj_gid","auditd.data.proto","auditd.data.old-disk","auditd.data.audit_failure","auditd.data.inif","auditd.data.vm","auditd.data.flags","auditd.data.nlnk-fam","auditd.data.old-fs","auditd.data.old-ses","auditd.data.seqno","auditd.data.fver","auditd.data.qbytes","auditd.data.seuser","auditd.data.cap_fe","auditd.data.new-vcpu","auditd.data.old-level","auditd.data.old_pp","auditd.data.daddr","auditd.data.old-role","auditd.data.ioctlcmd","auditd.data.smac","auditd.data.apparmor","auditd.data.fe","auditd.data.perm_mask","auditd.data.ses","auditd.data.cap_fi","auditd.data.obj_uid","auditd.data.reason","auditd.data.list","auditd.data.old_lock","auditd.data.bus","auditd.data.old_pe","auditd.data.new-role","auditd.data.prom","auditd.data.uri","auditd.data.audit_enabled","auditd.data.old-log_passwd","auditd.data.old-seuser","auditd.data.per","auditd.data.scontext","auditd.data.tclass","auditd.data.ver","auditd.data.new","auditd.data.val","auditd.data.img-ctx","auditd.data.old-chardev","auditd.data.old_val","auditd.data.success","auditd.data.inode_uid","auditd.data.removed","auditd.data.socket.port","auditd.data.socket.saddr","auditd.data.socket.addr","auditd.data.socket.family","auditd.data.socket.path","auditd.messages","auditd.warnings","geoip.continent_name","geoip.city_name","geoip.region_name","geoip.country_iso_code","hash.blake2b_256","hash.blake2b_384","hash.blake2b_512","hash.md5","hash.sha1","hash.sha224","hash.sha256","hash.sha384","hash.sha3_224","hash.sha3_256","hash.sha3_384","hash.sha3_512","hash.sha512","hash.sha512_224","hash.sha512_256","hash.xxh64","fields.*"]},"number_of_replicas":"0"}}
[00:06:35]                   │ info [o.e.c.m.MetadataMappingService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1615201685127995231] [auditbeat-users/_7jy6p1rS_uhUwpVmNA56Q] update_mapping [_doc]
[00:06:35]                   │ info [auditbeat/users] Indexed 1 docs into "auditbeat-users"
[00:06:37]                 └-> Ensure data is returned from auditbeat
[00:06:37]                   └-> "before each" hook: global before each for "Ensure data is returned from auditbeat"
[00:06:37]                   │ proc [kibana]   log   [12:05:38.067] [info][authentication][plugins][security] Authentication attempt failed: circuit_breaking_exception
[00:06:38]                   └- ✖ fail: apis SecuritySolution Endpoints Users With auditbeat Ensure data is returned from auditbeat
[00:06:38]                   │      Error: expected 200 "OK", got 429 "Too Many Requests"
[00:06:38]                   │       at Test._assertStatus (/dev/shm/workspace/kibana/node_modules/supertest/lib/test.js:268:12)
[00:06:38]                   │       at Test._assertFunction (/dev/shm/workspace/kibana/node_modules/supertest/lib/test.js:283:11)
[00:06:38]                   │       at Test.assert (/dev/shm/workspace/kibana/node_modules/supertest/lib/test.js:173:18)
[00:06:38]                   │       at assert (/dev/shm/workspace/kibana/node_modules/supertest/lib/test.js:131:12)
[00:06:38]                   │       at /dev/shm/workspace/kibana/node_modules/supertest/lib/test.js:128:5
[00:06:38]                   │       at Test.Request.callback (/dev/shm/workspace/kibana/node_modules/supertest/node_modules/superagent/lib/node/index.js:718:3)
[00:06:38]                   │       at /dev/shm/workspace/kibana/node_modules/supertest/node_modules/superagent/lib/node/index.js:906:18
[00:06:38]                   │       at IncomingMessage.<anonymous> (/dev/shm/workspace/kibana/node_modules/supertest/node_modules/superagent/lib/node/parsers/json.js:19:7)
[00:06:38]                   │       at endReadableNT (internal/streams/readable.js:1327:12)
[00:06:38]                   │       at processTicksAndRejections (internal/process/task_queues.js:80:21)
[00:06:38]                   │ 
[00:06:38]                   │

Stack Trace

Error: expected 200 "OK", got 429 "Too Many Requests"
    at Test._assertStatus (/dev/shm/workspace/kibana/node_modules/supertest/lib/test.js:268:12)
    at Test._assertFunction (/dev/shm/workspace/kibana/node_modules/supertest/lib/test.js:283:11)
    at Test.assert (/dev/shm/workspace/kibana/node_modules/supertest/lib/test.js:173:18)
    at assert (/dev/shm/workspace/kibana/node_modules/supertest/lib/test.js:131:12)
    at /dev/shm/workspace/kibana/node_modules/supertest/lib/test.js:128:5
    at Test.Request.callback (/dev/shm/workspace/kibana/node_modules/supertest/node_modules/superagent/lib/node/index.js:718:3)
    at /dev/shm/workspace/kibana/node_modules/supertest/node_modules/superagent/lib/node/index.js:906:18
    at IncomingMessage.<anonymous> (/dev/shm/workspace/kibana/node_modules/supertest/node_modules/superagent/lib/node/parsers/json.js:19:7)
    at endReadableNT (internal/streams/readable.js:1327:12)
    at processTicksAndRejections (internal/process/task_queues.js:80:21)
Kibana Pipeline / general / X-Pack API Integration Tests.x-pack/test/api_integration/apis/security_solution/users·ts.apis SecuritySolution Endpoints Users With auditbeat "after all" hook for "Ensure data is returned from auditbeat"

Link to Jenkins

Standard Out

Failed Tests Reporter:
  - Test has failed 6 times on tracked branches: https://github.com/elastic/kibana/issues/90136

[00:00:00]       │
[00:00:00]         └-: apis
[00:00:00]           └-> "before all" hook in "apis"
[00:05:24]           └-: SecuritySolution Endpoints
[00:05:24]             └-> "before all" hook in "SecuritySolution Endpoints"
[00:06:35]             └-: Users
[00:06:35]               └-> "before all" hook in "Users"
[00:06:35]               └-: With auditbeat
[00:06:35]                 └-> "before all" hook for "Ensure data is returned from auditbeat"
[00:06:35]                 └-> "before all" hook for "Ensure data is returned from auditbeat"
[00:06:35]                   │ info [auditbeat/users] Loading "mappings.json"
[00:06:35]                   │ info [auditbeat/users] Loading "data.json"
[00:06:35]                   │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1615201685127995231] [auditbeat-users] creating index, cause [api], templates [], shards [1]/[0]
[00:06:35]                   │ info [auditbeat/users] Created index "auditbeat-users"
[00:06:35]                   │ debg [auditbeat/users] "auditbeat-users" settings {"index":{"codec":"best_compression","mapping":{"total_fields":{"limit":"10000"}},"refresh_interval":"5s","number_of_shards":"1","query":{"default_field":["beat.name","beat.hostname","beat.timezone","beat.version","tags","error.message","error.type","meta.cloud.provider","meta.cloud.instance_id","meta.cloud.instance_name","meta.cloud.machine_type","meta.cloud.availability_zone","meta.cloud.project_id","meta.cloud.region","docker.container.id","docker.container.image","docker.container.name","host.name","host.id","host.architecture","host.os.platform","host.os.version","host.os.family","host.mac","kubernetes.pod.name","kubernetes.pod.uid","kubernetes.namespace","kubernetes.node.name","kubernetes.container.name","kubernetes.container.image","event.module","event.action","file.path","raw","file.target_path","file.type","file.device","file.inode","file.uid","file.owner","file.gid","file.group","file.mode","file.origin","raw","file.selinux.user","file.selinux.role","file.selinux.domain","file.selinux.level","event.category","event.type","user.auid","user.uid","user.euid","user.fsuid","user.suid","user.gid","user.egid","user.sgid","user.fsgid","user.name_map.auid","user.name_map.uid","user.name_map.euid","user.name_map.fsuid","user.name_map.suid","user.name_map.gid","user.name_map.egid","user.name_map.sgid","user.name_map.fsgid","user.selinux.user","user.selinux.role","user.selinux.domain","user.selinux.level","user.selinux.category","process.pid","process.ppid","process.name","process.title","process.exe","process.cwd","process.args","source.port","source.hostname","source.path","destination.port","destination.hostname","destination.path","network.direction","auditd.session","auditd.result","auditd.summary.actor.primary","auditd.summary.actor.secondary","auditd.summary.object.type","auditd.summary.object.primary","auditd.summary.object.secondary","auditd.summary.how","auditd.paths.inode","auditd.paths.dev","auditd.paths.obj_user","auditd.paths.obj_role","auditd.paths.obj_domain","auditd.paths.obj_level","auditd.paths.objtype","auditd.paths.ouid","auditd.paths.rdev","auditd.paths.nametype","auditd.paths.ogid","auditd.paths.item","auditd.paths.mode","auditd.paths.name","auditd.data.action","auditd.data.minor","auditd.data.acct","auditd.data.addr","auditd.data.cipher","auditd.data.id","auditd.data.entries","auditd.data.kind","auditd.data.ksize","auditd.data.spid","auditd.data.arch","auditd.data.argc","auditd.data.major","auditd.data.unit","auditd.data.table","auditd.data.terminal","auditd.data.grantors","auditd.data.direction","auditd.data.op","auditd.data.tty","auditd.data.syscall","auditd.data.data","auditd.data.family","auditd.data.mac","auditd.data.pfs","auditd.data.items","auditd.data.a0","auditd.data.a1","auditd.data.a2","auditd.data.a3","auditd.data.hostname","auditd.data.lport","auditd.data.rport","auditd.data.exit","auditd.data.fp","auditd.data.laddr","auditd.data.sport","auditd.data.capability","auditd.data.nargs","auditd.data.new-enabled","auditd.data.audit_backlog_limit","auditd.data.dir","auditd.data.cap_pe","auditd.data.model","auditd.data.new_pp","auditd.data.old-enabled","auditd.data.oauid","auditd.data.old","auditd.data.banners","auditd.data.feature","auditd.data.vm-ctx","auditd.data.opid","auditd.data.seperms","auditd.data.seresult","auditd.data.new-rng","auditd.data.old-net","auditd.data.sigev_signo","auditd.data.ino","auditd.data.old_enforcing","auditd.data.old-vcpu","auditd.data.range","auditd.data.res","auditd.data.added","auditd.data.fam","auditd.data.nlnk-pid","auditd.data.subj","auditd.data.a[0-3]","auditd.data.cgroup","auditd.data.kernel","auditd.data.ocomm","auditd.data.new-net","auditd.data.permissive","auditd.data.class","auditd.data.compat","auditd.data.fi","auditd.data.changed","auditd.data.msg","auditd.data.dport","auditd.data.new-seuser","auditd.data.invalid_context","auditd.data.dmac","auditd.data.ipx-net","auditd.data.iuid","auditd.data.macproto","auditd.data.obj","auditd.data.ipid","auditd.data.new-fs","auditd.data.vm-pid","auditd.data.cap_pi","auditd.data.old-auid","auditd.data.oses","auditd.data.fd","auditd.data.igid","auditd.data.new-disk","auditd.data.parent","auditd.data.len","auditd.data.oflag","auditd.data.uuid","auditd.data.code","auditd.data.nlnk-grp","auditd.data.cap_fp","auditd.data.new-mem","auditd.data.seperm","auditd.data.enforcing","auditd.data.new-chardev","auditd.data.old-rng","auditd.data.outif","auditd.data.cmd","auditd.data.hook","auditd.data.new-level","auditd.data.sauid","auditd.data.sig","auditd.data.audit_backlog_wait_time","auditd.data.printer","auditd.data.old-mem","auditd.data.perm","auditd.data.old_pi","auditd.data.state","auditd.data.format","auditd.data.new_gid","auditd.data.tcontext","auditd.data.maj","auditd.data.watch","auditd.data.device","auditd.data.grp","auditd.data.bool","auditd.data.icmp_type","auditd.data.new_lock","auditd.data.old_prom","auditd.data.acl","auditd.data.ip","auditd.data.new_pi","auditd.data.default-context","auditd.data.inode_gid","auditd.data.new-log_passwd","auditd.data.new_pe","auditd.data.selected-context","auditd.data.cap_fver","auditd.data.file","auditd.data.net","auditd.data.virt","auditd.data.cap_pp","auditd.data.old-range","auditd.data.resrc","auditd.data.new-range","auditd.data.obj_gid","auditd.data.proto","auditd.data.old-disk","auditd.data.audit_failure","auditd.data.inif","auditd.data.vm","auditd.data.flags","auditd.data.nlnk-fam","auditd.data.old-fs","auditd.data.old-ses","auditd.data.seqno","auditd.data.fver","auditd.data.qbytes","auditd.data.seuser","auditd.data.cap_fe","auditd.data.new-vcpu","auditd.data.old-level","auditd.data.old_pp","auditd.data.daddr","auditd.data.old-role","auditd.data.ioctlcmd","auditd.data.smac","auditd.data.apparmor","auditd.data.fe","auditd.data.perm_mask","auditd.data.ses","auditd.data.cap_fi","auditd.data.obj_uid","auditd.data.reason","auditd.data.list","auditd.data.old_lock","auditd.data.bus","auditd.data.old_pe","auditd.data.new-role","auditd.data.prom","auditd.data.uri","auditd.data.audit_enabled","auditd.data.old-log_passwd","auditd.data.old-seuser","auditd.data.per","auditd.data.scontext","auditd.data.tclass","auditd.data.ver","auditd.data.new","auditd.data.val","auditd.data.img-ctx","auditd.data.old-chardev","auditd.data.old_val","auditd.data.success","auditd.data.inode_uid","auditd.data.removed","auditd.data.socket.port","auditd.data.socket.saddr","auditd.data.socket.addr","auditd.data.socket.family","auditd.data.socket.path","auditd.messages","auditd.warnings","geoip.continent_name","geoip.city_name","geoip.region_name","geoip.country_iso_code","hash.blake2b_256","hash.blake2b_384","hash.blake2b_512","hash.md5","hash.sha1","hash.sha224","hash.sha256","hash.sha384","hash.sha3_224","hash.sha3_256","hash.sha3_384","hash.sha3_512","hash.sha512","hash.sha512_224","hash.sha512_256","hash.xxh64","fields.*"]},"number_of_replicas":"0"}}
[00:06:35]                   │ info [o.e.c.m.MetadataMappingService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1615201685127995231] [auditbeat-users/_7jy6p1rS_uhUwpVmNA56Q] update_mapping [_doc]
[00:06:35]                   │ info [auditbeat/users] Indexed 1 docs into "auditbeat-users"
[00:06:37]                 └-> Ensure data is returned from auditbeat
[00:06:37]                   └-> "before each" hook: global before each for "Ensure data is returned from auditbeat"
[00:06:37]                   │ proc [kibana]   log   [12:05:38.067] [info][authentication][plugins][security] Authentication attempt failed: circuit_breaking_exception
[00:06:38]                   └- ✖ fail: apis SecuritySolution Endpoints Users With auditbeat Ensure data is returned from auditbeat
[00:06:38]                   │      Error: expected 200 "OK", got 429 "Too Many Requests"
[00:06:38]                   │       at Test._assertStatus (/dev/shm/workspace/kibana/node_modules/supertest/lib/test.js:268:12)
[00:06:38]                   │       at Test._assertFunction (/dev/shm/workspace/kibana/node_modules/supertest/lib/test.js:283:11)
[00:06:38]                   │       at Test.assert (/dev/shm/workspace/kibana/node_modules/supertest/lib/test.js:173:18)
[00:06:38]                   │       at assert (/dev/shm/workspace/kibana/node_modules/supertest/lib/test.js:131:12)
[00:06:38]                   │       at /dev/shm/workspace/kibana/node_modules/supertest/lib/test.js:128:5
[00:06:38]                   │       at Test.Request.callback (/dev/shm/workspace/kibana/node_modules/supertest/node_modules/superagent/lib/node/index.js:718:3)
[00:06:38]                   │       at /dev/shm/workspace/kibana/node_modules/supertest/node_modules/superagent/lib/node/index.js:906:18
[00:06:38]                   │       at IncomingMessage.<anonymous> (/dev/shm/workspace/kibana/node_modules/supertest/node_modules/superagent/lib/node/parsers/json.js:19:7)
[00:06:38]                   │       at endReadableNT (internal/streams/readable.js:1327:12)
[00:06:38]                   │       at processTicksAndRejections (internal/process/task_queues.js:80:21)
[00:06:38]                   │ 
[00:06:38]                   │ 
[00:06:38]                 └-> "after all" hook for "Ensure data is returned from auditbeat"
[00:06:38]                   │ info [auditbeat/users] Unloading indices from "mappings.json"
[00:06:38]                   └- ✖ fail: apis SecuritySolution Endpoints Users With auditbeat "after all" hook for "Ensure data is returned from auditbeat"
[00:06:38]                   │      ResponseError: circuit_breaking_exception
[00:06:38]                   │       at onBody (/dev/shm/workspace/kibana/node_modules/@elastic/elasticsearch/lib/Transport.js:333:23)
[00:06:38]                   │       at IncomingMessage.onEnd (/dev/shm/workspace/kibana/node_modules/@elastic/elasticsearch/lib/Transport.js:260:11)
[00:06:38]                   │       at endReadableNT (internal/streams/readable.js:1327:12)
[00:06:38]                   │       at processTicksAndRejections (internal/process/task_queues.js:80:21)
[00:06:38]                   │ 
[00:06:38]                   │

Stack Trace

ResponseError: circuit_breaking_exception
    at onBody (/dev/shm/workspace/kibana/node_modules/@elastic/elasticsearch/lib/Transport.js:333:23)
    at IncomingMessage.onEnd (/dev/shm/workspace/kibana/node_modules/@elastic/elasticsearch/lib/Transport.js:260:11)
    at endReadableNT (internal/streams/readable.js:1327:12)
    at processTicksAndRejections (internal/process/task_queues.js:80:21) {
  meta: {
    body: { error: [Object], status: 429 },
    statusCode: 429,
    headers: {
      'content-type': 'application/json;charset=utf-8',
      'content-length': '931'
    },
    meta: {
      context: null,
      request: [Object],
      name: 'elasticsearch-js',
      connection: [Object],
      attempts: 0,
      aborted: false
    }
  }
}

Metrics [docs]

✅ unchanged

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @cnasikas

ymao1
ymao1 approved these changes Mar 8, 2021
View reviewed changes
Copy link
Contributor

@ymao1 ymao1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Alerting changes LGTM

YulNaumenko
YulNaumenko approved these changes Mar 8, 2021
View reviewed changes
Copy link
Contributor

@YulNaumenko YulNaumenko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

stephmilovic
stephmilovic approved these changes Mar 8, 2021
View reviewed changes
Copy link
Contributor

@stephmilovic stephmilovic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code looks good. manual testing works as expected for SN ITSM and SecOps. LGTM

@cnasikas cnasikas merged commit faae074 into elastic:master Mar 8, 2021
@cnasikas cnasikas deleted the itsm_fix_comments branch March 8, 2021 14:38
This was referenced Mar 8, 2021
Merged
Merged
cnasikas added a commit to cnasikas/kibana that referenced this pull request Mar 8, 2021
@cnasikas
[Security Solution][Case] Push ITSM comments as work notes (elastic#9…
b794413 
…3916)

* Push ITSM comments as work notes

* Fix cases mapping

* Improve error messages

* Fix tests
cnasikas added a commit that referenced this pull request Mar 8, 2021
@cnasikas
[Security Solution][Case] Push ITSM comments as work notes (#93916) (#…
c36677a 
…93947)

* Push ITSM comments as work notes

* Fix cases mapping

* Improve error messages

* Fix tests
cnasikas added a commit that referenced this pull request Mar 8, 2021
@cnasikas
[Security Solution][Case] Push ITSM comments as work notes (#93916) (#…
93142f3 
…93948)

* Push ITSM comments as work notes

* Fix cases mapping

* Improve error messages

* Fix tests
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@YulNaumenko YulNaumenko YulNaumenko approved these changes

@ymao1 ymao1 ymao1 approved these changes

@stephmilovic stephmilovic stephmilovic approved these changes

Assignees

@cnasikas cnasikas

Labels
release_note:fix Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Team:Threat Hunting Security Solution Threat Hunting Team v7.12.0 v7.13.0 v8.0.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@cnasikas @elasticmachine @kibanamachine @stephmilovic @ymao1 @YulNaumenko