From eb541aebed1373daf370d1788529249861cdccb4 Mon Sep 17 00:00:00 2001
From: Mauro Malara
Date: Thu, 1 Sep 2022 13:11:21 -0300
Subject: [PATCH] refactor(#3112): replace fixed timout by dynamic alert searching.

Signed-off-by: Mauro Malara
---
.../data/playbooks/generate_events.yaml | 13 ++++++++++---
.../data/test_cases/cases_osquery_integration.yaml | 4 ++++
2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/tests/end_to_end/test_basic_cases/test_osquery_integration/data/playbooks/generate_events.yaml b/tests/end_to_end/test_basic_cases/test_osquery_integration/data/playbooks/generate_events.yaml
index 70ef697960..cc6db33d2b 100644
--- a/tests/end_to_end/test_basic_cases/test_osquery_integration/data/playbooks/generate_events.yaml
+++ b/tests/end_to_end/test_basic_cases/test_osquery_integration/data/playbooks/generate_events.yaml
@@ -14,9 +14,16 @@
- name: "{{ event_description }}"
shell: "{{ command }}"

- - name: Wait for alerts to be generated
- wait_for:
- timeout: 5
+ - name: Search alert in alerts log
+ include_role:
+ name: manage_alerts
+ tasks_from: search_alert.yaml
+ vars:
+ timestamp: \d+-\d+-\d+T\d+:\d+:\d+\.\d+[+|-]\d+
+ custom_regex: ".+timestamp\":\"{{ timestamp }}\",.+level\":{{ rule_level }},\"description\":\
+ \"{{ rule_description }}\",\"id\":\"{{ rule_id }}\".+osquery\":.+\"name\":\"{{ osquery_name }}\""
+ attempts: 15
+ time_btw_attempts: 2

- name: Get alert json
include_role:
diff --git a/tests/end_to_end/test_basic_cases/test_osquery_integration/data/test_cases/cases_osquery_integration.yaml b/tests/end_to_end/test_basic_cases/test_osquery_integration/data/test_cases/cases_osquery_integration.yaml
index 7c95fe3763..b81ec04b69 100644
--- a/tests/end_to_end/test_basic_cases/test_osquery_integration/data/test_cases/cases_osquery_integration.yaml
+++ b/tests/end_to_end/test_basic_cases/test_osquery_integration/data/test_cases/cases_osquery_integration.yaml
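Review bot: The `timestamp` pattern's character class `[+|-]` also accepts a literal `|` in the UTC offset, because `|` is not an alternation operator inside brackets; `[+-]` is what was meant, and quoting the scalar, `timestamp: '\d+-\d+-\d+T\d+:\d+:\d+\.\d+[+-]\d+'`, keeps the backslashes unambiguous for YAML readers. `custom_regex` interpolates `rule_description`, `rule_id` and `osquery_name` into the pattern unescaped; the current fixture values carry no regex metacharacters, but a description containing `.` or `(` would silently over-match or break the pattern, so `{{ rule_description | regex_escape }}` (and likewise for the other two) is safer, assuming search_alert.yaml treats `custom_regex` as a regular expression as its name suggests. The greedy `.+` runs between the timestamp, level, description, id and osquery name fields presumably rely on the search being performed line by line; a one-line comment above `custom_regex` stating that assumption would help the next reader. The enclosing tasks list starts before this hunk.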
@@ -8,6 +8,10 @@
extra:
data.osquery.name: low_free_memory
extra_vars:
+ rule_id: 24012
+ rule_description: "osquery: System memory is under 10%"
+ rule_level: 4
+ osquery_name: low_free_memory
event_description: Stress system memory
command: >
stress --vm-bytes $(awk '/MemAvailable/{printf "%d\n", $2 * 0.98;}' < /proc/meminfo)k --vm-keep -m 1 -t 60
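Review bot: `rule_id: 24012` is a rule identifier that is only ever used in string context (it is interpolated into `custom_regex` in generate_events.yaml), so writing it as a quoted string, `rule_id: "24012"`, keeps it from being retyped as an integer by tooling and matches `rule_description`, which is already quoted. `osquery_name: low_free_memory` repeats the value of `data.osquery.name` under `extra:` a few lines above; if the two drift apart the alert search and whatever consumes the `extra` value would disagree, so a comment such as `# must match extra.data.osquery.name` (or deriving one from the other) would make the coupling visible. The surrounding test-case mapping starts before this hunk.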