[7.x] [SIEM][Detections Engine] - Update rule.lists to be rule.exceptions_list (#63717) #63917

yctercero · 2020-04-17T23:00:05Z

Backports the following commits to 7.x:

[SIEM][Detections Engine] - Update rule.lists to be rule.exceptions_list ([SIEM][Detections Engine] - Update rule.lists to be rule.exceptions_list #63717)

…ist (elastic#63717) ### Summary [63717] This PR updates the rules lists param to be `exceptions_list`. This is done in an attempt to make the terminology less confusing as lists will generally be referring to the big lists values. It should also make it more clear that the `exceptions_list` logic is being applied as a double not.

kibanamachine · 2020-04-18T00:52:35Z

💔 Build Failed

continuous-integration/kibana-ci/pull-request
Commit: 2623fff
Pipeline Steps (look for red circles / failed steps)
Interpreting CI Failures

Failed CI Steps

Test Failures

Kibana Pipeline / kibana-xpack-agent / X-Pack Detection Engine API Integration Tests.x-pack/test/detection_engine_api_integration/security_and_spaces/tests/find_statuses·ts.detection engine api security and spaces enabled find_statuses should return a single rule status when a single rule is loaded from a find status with defaults added

Link to Jenkins

Standard Out

Failed Tests Reporter:
  - Test has failed 13 times on tracked branches: https://github.com/elastic/kibana/issues/63747

[00:00:00]       │
[00:00:00]         └-: detection engine api security and spaces enabled
[00:00:00]           └-> "before all" hook
[00:02:10]           └-: find_statuses
[00:02:10]             └-> "before all" hook
[00:02:10]             └-> should return an empty find statuses body correctly if no statuses are loaded
[00:02:10]               └-> "before each" hook: global before each
[00:02:10]               └-> "before each" hook
[00:02:10]                 │ info [o.e.x.i.a.TransportPutLifecycleAction] [kibana-ci-immutable-debian-tests-xl-1587164433047921623] adding index lifecycle policy [.siem-signals-default]
[00:02:10]                 │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-debian-tests-xl-1587164433047921623] adding template [.siem-signals-default] for index patterns [.siem-signals-default-*]
[00:02:10]                 │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-debian-tests-xl-1587164433047921623] applying create index request using v1 templates [org.elasticsearch.cluster.metadata.IndexTemplateMetadata@1ddb4c0d]
[00:02:10]                 │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-debian-tests-xl-1587164433047921623] [.siem-signals-default-000001] creating index, cause [api], templates [.siem-signals-default], shards [1]/[1], mappings [_doc]
[00:02:10]                 │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-debian-tests-xl-1587164433047921623] moving index [.siem-signals-default-000001] from [null] to [{"phase":"new","action":"complete","name":"complete"}] in policy [.siem-signals-default]
[00:02:10]                 │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-debian-tests-xl-1587164433047921623] moving index [.siem-signals-default-000001] from [{"phase":"new","action":"complete","name":"complete"}] to [{"phase":"hot","action":"unfollow","name":"wait-for-indexing-complete"}] in policy [.siem-signals-default]
[00:02:10]               │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-debian-tests-xl-1587164433047921623] moving index [.siem-signals-default-000001] from [{"phase":"hot","action":"unfollow","name":"wait-for-indexing-complete"}] to [{"phase":"hot","action":"unfollow","name":"wait-for-follow-shard-tasks"}] in policy [.siem-signals-default]
[00:02:10]               └- ✓ pass  (50ms) "detection engine api security and spaces enabled find_statuses should return an empty find statuses body correctly if no statuses are loaded"
[00:02:10]             └-> "after each" hook
[00:02:10]               │ info [o.e.c.m.MetadataDeleteIndexService] [kibana-ci-immutable-debian-tests-xl-1587164433047921623] [.siem-signals-default-000001/mHyyszO3QfO3hWKszZXy6Q] deleting index
[00:02:10]               │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-debian-tests-xl-1587164433047921623] removing template [.siem-signals-default]
[00:02:10]             └-> should return a single rule status when a single rule is loaded from a find status with defaults added
[00:02:10]               └-> "before each" hook: global before each
[00:02:10]               └-> "before each" hook
[00:02:10]                 │ info [o.e.x.i.a.TransportPutLifecycleAction] [kibana-ci-immutable-debian-tests-xl-1587164433047921623] adding index lifecycle policy [.siem-signals-default]
[00:02:10]                 │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-debian-tests-xl-1587164433047921623] adding template [.siem-signals-default] for index patterns [.siem-signals-default-*]
[00:02:10]                 │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-debian-tests-xl-1587164433047921623] applying create index request using v1 templates [org.elasticsearch.cluster.metadata.IndexTemplateMetadata@1ddb4c0d]
[00:02:10]                 │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-debian-tests-xl-1587164433047921623] [.siem-signals-default-000001] creating index, cause [api], templates [.siem-signals-default], shards [1]/[1], mappings [_doc]
[00:02:10]                 │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-debian-tests-xl-1587164433047921623] moving index [.siem-signals-default-000001] from [null] to [{"phase":"new","action":"complete","name":"complete"}] in policy [.siem-signals-default]
[00:02:11]                 │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-debian-tests-xl-1587164433047921623] moving index [.siem-signals-default-000001] from [{"phase":"new","action":"complete","name":"complete"}] to [{"phase":"hot","action":"unfollow","name":"wait-for-indexing-complete"}] in policy [.siem-signals-default]
[00:02:11]               │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-debian-tests-xl-1587164433047921623] moving index [.siem-signals-default-000001] from [{"phase":"hot","action":"unfollow","name":"wait-for-indexing-complete"}] to [{"phase":"hot","action":"unfollow","name":"wait-for-follow-shard-tasks"}] in policy [.siem-signals-default]
[00:02:16]               └- ✖ fail: "detection engine api security and spaces enabled find_statuses should return a single rule status when a single rule is loaded from a find status with defaults added"
[00:02:16]               │

Stack Trace

TypeError: Cannot read property 'status' of null
    at Promise.then (test/detection_engine_api_integration/security_and_spaces/tests/find_statuses.ts:62:90)

Kibana Pipeline / kibana-xpack-agent / X-Pack Detection Engine API Integration Tests.x-pack/test/detection_engine_api_integration/security_and_spaces/tests/find_statuses·ts.detection engine api security and spaces enabled find_statuses should return a single rule status when a single rule is loaded from a find status with defaults added

Link to Jenkins

Standard Out

Failed Tests Reporter:
  - Test has failed 13 times on tracked branches: https://github.com/elastic/kibana/issues/63747

[00:00:00]       │
[00:00:00]         └-: detection engine api security and spaces enabled
[00:00:00]           └-> "before all" hook
[00:02:16]           └-: find_statuses
[00:02:16]             └-> "before all" hook
[00:02:16]             └-> should return an empty find statuses body correctly if no statuses are loaded
[00:02:16]               └-> "before each" hook: global before each
[00:02:16]               └-> "before each" hook
[00:02:16]                 │ info [o.e.x.i.a.TransportPutLifecycleAction] [kibana-ci-immutable-debian-tests-xl-1587164433047921623] adding index lifecycle policy [.siem-signals-default]
[00:02:16]                 │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-debian-tests-xl-1587164433047921623] adding template [.siem-signals-default] for index patterns [.siem-signals-default-*]
[00:02:17]                 │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-debian-tests-xl-1587164433047921623] applying create index request using v1 templates [org.elasticsearch.cluster.metadata.IndexTemplateMetadata@1ddb4c0d]
[00:02:17]                 │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-debian-tests-xl-1587164433047921623] [.siem-signals-default-000001] creating index, cause [api], templates [.siem-signals-default], shards [1]/[1], mappings [_doc]
[00:02:17]                 │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-debian-tests-xl-1587164433047921623] moving index [.siem-signals-default-000001] from [null] to [{"phase":"new","action":"complete","name":"complete"}] in policy [.siem-signals-default]
[00:02:17]                 │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-debian-tests-xl-1587164433047921623] moving index [.siem-signals-default-000001] from [{"phase":"new","action":"complete","name":"complete"}] to [{"phase":"hot","action":"unfollow","name":"wait-for-indexing-complete"}] in policy [.siem-signals-default]
[00:02:17]                 │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-debian-tests-xl-1587164433047921623] moving index [.siem-signals-default-000001] from [{"phase":"hot","action":"unfollow","name":"wait-for-indexing-complete"}] to [{"phase":"hot","action":"unfollow","name":"wait-for-follow-shard-tasks"}] in policy [.siem-signals-default]
[00:02:17]               └- ✓ pass  (65ms) "detection engine api security and spaces enabled find_statuses should return an empty find statuses body correctly if no statuses are loaded"
[00:02:17]             └-> "after each" hook
[00:02:17]               │ info [o.e.c.m.MetadataDeleteIndexService] [kibana-ci-immutable-debian-tests-xl-1587164433047921623] [.siem-signals-default-000001/mxGj_4DATYOzpX2tYRxFzQ] deleting index
[00:02:17]               │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-debian-tests-xl-1587164433047921623] removing template [.siem-signals-default]
[00:02:17]             └-> should return a single rule status when a single rule is loaded from a find status with defaults added
[00:02:17]               └-> "before each" hook: global before each
[00:02:17]               └-> "before each" hook
[00:02:17]                 │ info [o.e.x.i.a.TransportPutLifecycleAction] [kibana-ci-immutable-debian-tests-xl-1587164433047921623] adding index lifecycle policy [.siem-signals-default]
[00:02:17]                 │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-debian-tests-xl-1587164433047921623] adding template [.siem-signals-default] for index patterns [.siem-signals-default-*]
[00:02:17]                 │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-debian-tests-xl-1587164433047921623] applying create index request using v1 templates [org.elasticsearch.cluster.metadata.IndexTemplateMetadata@1ddb4c0d]
[00:02:17]                 │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-debian-tests-xl-1587164433047921623] [.siem-signals-default-000001] creating index, cause [api], templates [.siem-signals-default], shards [1]/[1], mappings [_doc]
[00:02:17]                 │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-debian-tests-xl-1587164433047921623] moving index [.siem-signals-default-000001] from [null] to [{"phase":"new","action":"complete","name":"complete"}] in policy [.siem-signals-default]
[00:02:17]                 │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-debian-tests-xl-1587164433047921623] moving index [.siem-signals-default-000001] from [{"phase":"new","action":"complete","name":"complete"}] to [{"phase":"hot","action":"unfollow","name":"wait-for-indexing-complete"}] in policy [.siem-signals-default]
[00:02:17]               │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-debian-tests-xl-1587164433047921623] moving index [.siem-signals-default-000001] from [{"phase":"hot","action":"unfollow","name":"wait-for-indexing-complete"}] to [{"phase":"hot","action":"unfollow","name":"wait-for-follow-shard-tasks"}] in policy [.siem-signals-default]
[00:02:21]               └- ✖ fail: "detection engine api security and spaces enabled find_statuses should return a single rule status when a single rule is loaded from a find status with defaults added"
[00:02:21]               │

Stack Trace

TypeError: Cannot read property 'status' of null
    at Promise.then (test/detection_engine_api_integration/security_and_spaces/tests/find_statuses.ts:62:90)

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

yctercero · 2020-04-20T14:12:05Z

Closing out - didn't pick up folder change resulting in massive conflicts. Using #63962 instead. Thanks @FrankHassanabad !

yctercero added the backport label Apr 17, 2020

yctercero closed this Apr 20, 2020

yctercero deleted the backport/7.x/pr-63717 branch July 20, 2020 01:44

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[7.x] [SIEM][Detections Engine] - Update rule.lists to be rule.exceptions_list (#63717) #63917

[7.x] [SIEM][Detections Engine] - Update rule.lists to be rule.exceptions_list (#63717) #63917

yctercero commented Apr 17, 2020

kibanamachine commented Apr 18, 2020

Standard Out

Stack Trace

Standard Out

Stack Trace

yctercero commented Apr 20, 2020

[7.x] [SIEM][Detections Engine] - Update rule.lists to be rule.exceptions_list (#63717) #63917

[7.x] [SIEM][Detections Engine] - Update rule.lists to be rule.exceptions_list (#63717) #63917

Conversation

yctercero commented Apr 17, 2020

kibanamachine commented Apr 18, 2020

💔 Build Failed

Failed CI Steps

Test Failures

Standard Out

Stack Trace

Standard Out

Stack Trace

yctercero commented Apr 20, 2020