You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
[8.19] [Detection Engine] Prevent test data from rolling outside of Cypress rules' query (#220923) (#221439)
# Backport
This will backport the following commits from `main` to `8.19`:
- [[Detection Engine] Prevent test data from rolling outside of Cypress
rules' query (#220923)](#220923)
<!--- Backport version: 10.0.0 -->
### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)
<!--BACKPORT [{"author":{"name":"Ryland
Herrick","email":"[email protected]"},"sourceCommit":{"committedDate":"2025-05-23T20:16:26Z","message":"[Detection
Engine] Prevent test data from rolling outside of Cypress rules' query
(#220923)\n\n## Summary\n\nOur tests rely on static test data, and our
cypress suite was running\nrules with a large lookback (50000h) against
them. Recently, tests have\nbegun failing because we've exceeded 50000h
since the data's\n`@timestamp`. This PR updates the cypress rules to use
a fixed `from`\nfield wherever possible, in order to \"fix\" that query
window's starting\npoint, ensuring that this issue does not recur. This
is already how our\nintegration tests are creating similar rules, so as
an added bonus we're\nnow more consistent across test suites, as
well.\n\nThis unskips and thus resolves the following issues:\n\n*
https://github.com/elastic/kibana/issues/201334\n*https://github.com/elastic/kibana/issues/220822\n*https://github.com/elastic/kibana/issues/207913\n*https://github.com/elastic/kibana/issues/199905\n\nNote that there may
be more instances of skipped tests that were failing\ndue to this issue
(with e.g. data with an earlier date than the\n`2019-09-02` here); the
above tests were just the most obvious and most\nrecent (within the last
week).\n\n### Flaky Runner\n* Detection Engine Cypress
(x150):\nhttps://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/8291\n\n###
Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers
should verify this PR satisfies this list as well.\n\n- [x] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common
scenarios","sha":"1f6777c40130e9804faa1b7a4a33f5e1655053a7","branchLabelMapping":{"^v9.1.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","backport:prev-minor","backport:prev-major","Team:Detection
Engine","backport:current-major","Test:Cypress","v9.1.0"],"title":"[Detection
Engine] Prevent test data from rolling outside of Cypress rules'
query","number":220923,"url":"https://github.com/elastic/kibana/pull/220923","mergeCommit":{"message":"[Detection
Engine] Prevent test data from rolling outside of Cypress rules' query
(#220923)\n\n## Summary\n\nOur tests rely on static test data, and our
cypress suite was running\nrules with a large lookback (50000h) against
them. Recently, tests have\nbegun failing because we've exceeded 50000h
since the data's\n`@timestamp`. This PR updates the cypress rules to use
a fixed `from`\nfield wherever possible, in order to \"fix\" that query
window's starting\npoint, ensuring that this issue does not recur. This
is already how our\nintegration tests are creating similar rules, so as
an added bonus we're\nnow more consistent across test suites, as
well.\n\nThis unskips and thus resolves the following issues:\n\n*
https://github.com/elastic/kibana/issues/201334\n*https://github.com/elastic/kibana/issues/220822\n*https://github.com/elastic/kibana/issues/207913\n*https://github.com/elastic/kibana/issues/199905\n\nNote that there may
be more instances of skipped tests that were failing\ndue to this issue
(with e.g. data with an earlier date than the\n`2019-09-02` here); the
above tests were just the most obvious and most\nrecent (within the last
week).\n\n### Flaky Runner\n* Detection Engine Cypress
(x150):\nhttps://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/8291\n\n###
Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers
should verify this PR satisfies this list as well.\n\n- [x] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common
scenarios","sha":"1f6777c40130e9804faa1b7a4a33f5e1655053a7"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/220923","number":220923,"mergeCommit":{"message":"[Detection
Engine] Prevent test data from rolling outside of Cypress rules' query
(#220923)\n\n## Summary\n\nOur tests rely on static test data, and our
cypress suite was running\nrules with a large lookback (50000h) against
them. Recently, tests have\nbegun failing because we've exceeded 50000h
since the data's\n`@timestamp`. This PR updates the cypress rules to use
a fixed `from`\nfield wherever possible, in order to \"fix\" that query
window's starting\npoint, ensuring that this issue does not recur. This
is already how our\nintegration tests are creating similar rules, so as
an added bonus we're\nnow more consistent across test suites, as
well.\n\nThis unskips and thus resolves the following issues:\n\n*
https://github.com/elastic/kibana/issues/201334\n*https://github.com/elastic/kibana/issues/220822\n*https://github.com/elastic/kibana/issues/207913\n*https://github.com/elastic/kibana/issues/199905\n\nNote that there may
be more instances of skipped tests that were failing\ndue to this issue
(with e.g. data with an earlier date than the\n`2019-09-02` here); the
above tests were just the most obvious and most\nrecent (within the last
week).\n\n### Flaky Runner\n* Detection Engine Cypress
(x150):\nhttps://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/8291\n\n###
Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers
should verify this PR satisfies this list as well.\n\n- [x] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common
scenarios","sha":"1f6777c40130e9804faa1b7a4a33f5e1655053a7"}}]}]
BACKPORT-->
Copy file name to clipboardExpand all lines: x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/exceptions/alerts_table_flow/rule_exceptions/closing_all_matching_alerts.cy.ts
Copy file name to clipboardExpand all lines: x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/exceptions/entry/match_any.cy.ts
Copy file name to clipboardExpand all lines: x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/exceptions/rule_details_flow/add_edit_exception.cy.ts
Copy file name to clipboardExpand all lines: x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/exceptions/rule_details_flow/add_edit_exception_data_view.cy.ts
+1-3Lines changed: 1 addition & 3 deletions
Original file line number
Diff line number
Diff line change
@@ -47,9 +47,7 @@ import { waitForAlertsToPopulate } from '../../../../../tasks/create_new_rule';
47
47
48
48
constDATAVIEW='auditbeat-exceptions-*';
49
49
50
-
// Failing: See https://github.com/elastic/kibana/issues/207913
51
-
// Failing: See https://github.com/elastic/kibana/issues/207913
52
-
describe.skip(
50
+
describe(
53
51
'Add exception using data views from rule details',
Copy file name to clipboardExpand all lines: x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/indicator_match_rule.cy.ts
0 commit comments