[Security Solution] Implement reliable tests to catch OOMs during rules package installation #188090
Labels
8.18 candidate
Feature:Prebuilt Detection Rules
Security Solution Prebuilt Detection Rules
Team:Detection Rule Management
Security Detection Rule Management Team
Team:Detections and Resp
Security Detection Response Team
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
technical debt
Improvement of the software architecture and operational architecture
Comments
xcrzx
added
bug
|
Pinging @elastic/security-solution (Team: SecuritySolution) |
xcrzx
added
technical debt
|
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
|
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Epic: #174168
Summary
Our existing package installation test has not been effective in catching potential OOMs. The test is designed to emulate the installation of 15,000 rules. However, in a Serverless environment, we've seen OOMs when installing ~5,000 rules. This might be because the integration test limits the heap but cannot control external memory, and in our investigation, we saw a significant amount of external memory being used before an OOM (300+MB).
We need to add an MKI test so that even if we tweak the heap or memory on Serverless, our test will continue to prevent regression.
The text was updated successfully, but these errors were encountered: