refactor(#3112): replace fixed timout by dynamic alert searching.

Signed-off-by: Mauro Malara <[email protected]>

tests/end_to_end/test_basic_cases/test_osquery_integration/data/playbooks/generate_events.yaml

@@ -14,9 +14,16 @@
     - name: "{{ event_description }}"
       shell: "{{ command }}"
 
-    - name: Wait for alerts to be generated
-      wait_for:
-        timeout: 5
+    - name: Search alert in alerts log
+      include_role:
+        name: manage_alerts
+        tasks_from: search_alert.yaml
+      vars:
+        timestamp: \d+-\d+-\d+T\d+:\d+:\d+\.\d+[+|-]\d+
+        custom_regex: ".+timestamp\":\"{{ timestamp }}\",.+level\":{{ rule_level }},\"description\":\
+          \"{{ rule_description }}\",\"id\":\"{{ rule_id }}\".+osquery\":.+\"name\":\"{{ osquery_name }}\""
+        attempts: 15
+        time_btw_attempts: 2
 
     - name: Get alert json
       include_role:

tests/end_to_end/test_basic_cases/test_osquery_integration/data/test_cases/cases_osquery_integration.yaml

@@ -8,6 +8,10 @@
     extra:
       data.osquery.name: low_free_memory
     extra_vars:
+      rule_id: 24012
+      rule_description: "osquery: System memory is under 10%"
+      rule_level: 4
+      osquery_name: low_free_memory
       event_description: Stress system memory
       command: >
         stress --vm-bytes $(awk '/MemAvailable/{printf "%d\n", $2 * 0.98;}' < /proc/meminfo)k --vm-keep -m 1 -t 60