From 0c49fc49b1bf8f56403669e392490539284ad3da Mon Sep 17 00:00:00 2001
From: Madison Caldwell
Date: Tue, 22 Mar 2022 10:46:27 -0400
Subject: [PATCH] Test notifications on rule timeout (revert this)
---
 .../create_security_rule_type_wrapper.ts | 1 +
 .../signals/search_after_bulk_create.ts | 14 +++++++++++++-
 2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/create_security_rule_type_wrapper.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/create_security_rule_type_wrapper.ts
index 0e8a7b93a8589..d93d80da0d152 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/create_security_rule_type_wrapper.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/create_security_rule_type_wrapper.ts
@@ -50,6 +50,7 @@ export const createSecurityRuleTypeWrapper: CreateSecurityRuleTypeWrapper =
 const persistenceRuleType = createPersistenceRuleTypeWrapper({ ruleDataClient, logger });
 return persistenceRuleType({
 ...type,
+ ruleTaskTimeout: '10s',
 cancelAlertsOnRuleTimeout: false,
 useSavedObjectReferences: {
 extractReferences: (params) => extractReferences({ logger, params }),
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/search_after_bulk_create.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/search_after_bulk_create.ts
index 99230627cb6b8..25b3fb4ecdb15 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/search_after_bulk_create.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/search_after_bulk_create.ts
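Review bot: `ruleTaskTimeout: '10s'` in create_security_rule_type_wrapper.ts is hard-coded in the shared wrapper and placed after `...type`, so it overrides any timeout an individual rule type declares and applies to every security rule type built through `createSecurityRuleTypeWrapper`. Any detection rule whose execution needs more than ten seconds would presumably be timed out on every run, which is a detection-coverage gap rather than a test-only effect. The subject already says "revert this"; if the timeout path has to be exercised, the short value belongs in a test fixture's rule type or behind a test-only setting, and this line should be dropped before the branch can reach a release. The wrapper's body starts and ends outside the hunk.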
@@ -70,6 +70,17 @@ export const searchAfterAndBulkCreate = async ({
 if (hasSortId) {
 const { searchResult, searchDuration, searchErrors } = await singleSearchAfter({
 buildRuleMessage,
+ // time out after 2 signals created
+ aggregations:
+ signalsCreatedCount > 0
+ ? {
+ delay: {
+ shard_delay: {
+ value: '30s',
+ },
+ },
+ }
+ : {},
 searchAfterSortIds: sortIds,
 index: inputIndexPattern,
 from: tuple.from.toISOString(),
@@ -78,7 +89,8 @@ export const searchAfterAndBulkCreate = async ({
 logger,
 // @ts-expect-error please, declare a type explicitly instead of unknown
 filter,
- pageSize: Math.ceil(Math.min(tuple.maxSignals, pageSize)),
+ // pageSize: Math.ceil(Math.min(tuple.maxSignals, pageSize)),
+ pageSize: 2,
 timestampOverride: ruleParams.timestampOverride,
 trackTotalHits,
 sortOrder,
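Review bot: The `shard_delay` aggregation passed to `singleSearchAfter` is, as far as I know, provided only by an Elasticsearch test module, so on a cluster without it the search would presumably be rejected as soon as `signalsCreatedCount > 0` and the rule would stop after its first page. Where the aggregation is available, it stalls every later page by 30s, which exceeds the 10s `ruleTaskTimeout` set in create_security_rule_type_wrapper.ts and forces a timeout on any rule that creates at least one signal. The comment says "after 2 signals created" while the condition is `signalsCreatedCount > 0`; the two agree only because of the `pageSize: 2` in the next hunk, and `: {}` now sends an empty `aggregations` object where none was passed before. This delay should live in a functional-test fixture rather than in `searchAfterAndBulkCreate`, whose body continues outside the hunk.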
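Review bot: `pageSize: 2` replaces the bounded expression, so the request size no longer follows `tuple.maxSignals` or the `pageSize` value the function receives, and each execution pages through matches two at a time. With the 10s timeout from the other file, a rule would likely record only a handful of alerts before being cut off, leaving the remaining matches undetected in that run. The original line is kept as commented-out code; restore `pageSize: Math.ceil(Math.min(tuple.maxSignals, pageSize)),` and delete the comment rather than carrying both. The call's argument list continues past the end of the hunk.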