diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/exceptions/alerts_table_flow/rule_exceptions/closing_all_matching_alerts.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/exceptions/alerts_table_flow/rule_exceptions/closing_all_matching_alerts.cy.ts
index e1d06fd91e9c3..fd6fa68200f3d 100644
--- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/exceptions/alerts_table_flow/rule_exceptions/closing_all_matching_alerts.cy.ts
+++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/exceptions/alerts_table_flow/rule_exceptions/closing_all_matching_alerts.cy.ts
@@ -48,9 +48,7 @@ const getExceptionList1 = () => ({
 list_id: 'exception_list_1',
 });
-// Failing: See https://github.com/elastic/kibana/issues/199905
-// Failing: See https://github.com/elastic/kibana/issues/199905
-describe.skip('Close matching Alerts ', { tags: ['@ess', '@serverless'] }, () => {
+describe('Close matching Alerts ', { tags: ['@ess', '@serverless'] }, () => {
 const ITEM_NAME = 'Sample Exception Item';
 beforeEach(() => {
diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/exceptions/entry/match_any.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/exceptions/entry/match_any.cy.ts
index 243e184d031f2..eba4440a778f4 100644
--- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/exceptions/entry/match_any.cy.ts
+++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/exceptions/entry/match_any.cy.ts
@@ -45,7 +45,6 @@ describe('Exceptions match_any', { tags: ['@ess', '@serverless'] }, () => {
 index: ['auditbeat-exceptions-*'],
 enabled: false,
 query: '*',
- from: 'now-438300h',
 })
 ).then((rule) => visitRuleDetailsPage(rule.body.id, { tab: 'rule_exceptions' }));
 cy.get(RULE_STATUS).should('have.text', '—');
diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/exceptions/rule_details_flow/add_edit_exception.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/exceptions/rule_details_flow/add_edit_exception.cy.ts
index cc32cba92aca0..c0c087d9a9c70 100644
--- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/exceptions/rule_details_flow/add_edit_exception.cy.ts
+++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/exceptions/rule_details_flow/add_edit_exception.cy.ts
@@ -58,10 +58,7 @@ import {
 } from '../../../../../tasks/api_calls/exceptions';
 import { waitForAlertsToPopulate } from '../../../../../tasks/create_new_rule';
-// TODO: https://github.com/elastic/kibana/issues/161539
-// Failing: See https://github.com/elastic/kibana/issues/220822
-// Failing: See https://github.com/elastic/kibana/issues/220822
-describe.skip(
+describe(
 'Add/edit exception from rule details',
 { tags: ['@ess', '@serverless', '@skipInServerless'] },
 () => {
diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/exceptions/rule_details_flow/add_edit_exception_data_view.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/exceptions/rule_details_flow/add_edit_exception_data_view.cy.ts
index 72352c9a7b977..9709dd9eb57dc 100644
--- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/exceptions/rule_details_flow/add_edit_exception_data_view.cy.ts
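Review bot: In the `add_edit_exception.cy.ts` hunk, switching to `describe(` for 'Add/edit exception from rule details' also deletes the `// TODO: https://github.com/elastic/kibana/issues/161539` line, while the `@skipInServerless` tag stays in place. If that TODO was the reason for the tag (not visible in this hunk), the suite remains excluded from serverless runs with no pointer to why. Keeping a comment beside the tags would preserve the reference, e.g. `// @skipInServerless: see https://github.com/elastic/kibana/issues/161539`. The suite body lies outside the hunk.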
+++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/exceptions/rule_details_flow/add_edit_exception_data_view.cy.ts
@@ -47,8 +47,7 @@ import { waitForAlertsToPopulate } from '../../../../../tasks/create_new_rule';
 const DATAVIEW = 'auditbeat-exceptions-*';
-// FLAKY: https://github.com/elastic/kibana/issues/182447
-describe.skip(
+describe(
 'Add exception using data views from rule details',
 { tags: ['@ess', '@serverless'] },
 () => {
diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/indicator_match_rule.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/indicator_match_rule.cy.ts
index c6e331700afc8..fa045af55f999 100644
--- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/indicator_match_rule.cy.ts
+++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/indicator_match_rule.cy.ts
@@ -5,7 +5,7 @@
 * 2.0.
 */
-import { formatMitreAttackDescription, getHumanizedDuration } from '../../../../helpers/rules';
+import { formatMitreAttackDescription } from '../../../../helpers/rules';
 import {
 getIndexPatterns,
 getNewThreatIndicatorRule,
@@ -31,7 +31,6 @@ import {
 ABOUT_DETAILS,
 ABOUT_INVESTIGATION_NOTES,
 ABOUT_RULE_DESCRIPTION,
- ADDITIONAL_LOOK_BACK_DETAILS,
 CUSTOM_QUERY_DETAILS,
 DEFINITION_DETAILS,
 FALSE_POSITIVES_DETAILS,
@@ -488,13 +487,6 @@ describe(
 getDetails(RUNS_EVERY_DETAILS)
 .find(INTERVAL_ABBR_VALUE)
 .should('have.text', `${rule.interval}`);
- const humanizedDuration = getHumanizedDuration(
- rule.from ?? 'now-6m',
- rule.interval ?? '5m'
- );
- getDetails(ADDITIONAL_LOOK_BACK_DETAILS)
- .find(INTERVAL_ABBR_VALUE)
- .should('have.text', `${humanizedDuration}`);
 });
 waitForTheRuleToBeExecuted();
diff --git a/x-pack/test/security_solution_cypress/cypress/objects/rule.ts b/x-pack/test/security_solution_cypress/cypress/objects/rule.ts
index a0203cae2566f..c4cc3276ad761 100644
--- a/x-pack/test/security_solution_cypress/cypress/objects/rule.ts
+++ b/x-pack/test/security_solution_cypress/cypress/objects/rule.ts
@@ -132,7 +132,7 @@ export const getDataViewRule = (
 threat: [getMitre1(), getMitre2()],
 note: '# test markdown',
 interval: '100m',
- from: 'now-50000h',
+ from: '1900-01-01T00:00:00.000Z',
 max_signals: 100,
 ...rewrites,
 });
@@ -153,7 +153,7 @@ export const getNewRule = (
 threat: [getMitre1(), getMitre2()],
 note: '# test markdown',
 interval: '100m',
- from: 'now-50000h',
+ from: '1900-01-01T00:00:00.000Z',
 max_signals: 100,
 ...rewrites,
 });
@@ -168,7 +168,7 @@ export const getSavedQueryRule = (
 name: 'New Rule Test',
 description: 'The new rule description.',
 interval: '100m',
- from: 'now-50000h',
+ from: '1900-01-01T00:00:00.000Z',
 severity: 'low',
 risk_score: 21,
 ...rewrites,
@@ -183,7 +183,7 @@ export const getSimpleCustomQueryRule = (
 name: 'New Rule Test',
 description: 'The new rule description.',
 interval: '100m',
- from: 'now-50000h',
+ from: '1900-01-01T00:00:00.000Z',
 severity: 'low',
 risk_score: 21,
 ...rewrites,
@@ -205,7 +205,7 @@ export const getBuildingBlockRule = (
 threat: [getMitre1(), getMitre2()],
 note: '# test markdown',
 interval: '100m',
- from: 'now-50000h',
+ from: '1900-01-01T00:00:00.000Z',
 max_signals: 100,
 building_block_type: 'default',
 ...rewrites,
@@ -227,7 +227,7 @@ export const getUnmappedRule = (
 threat: [getMitre1(), getMitre2()],
 note: '# test markdown',
 interval: '100m',
- from: 'now-50000h',
+ from: '1900-01-01T00:00:00.000Z',
 max_signals: 100,
 ...rewrites,
 });
@@ -248,7 +248,7 @@ export const getUnmappedCCSRule = (
 threat: [getMitre1(), getMitre2()],
 note: '# test markdown',
 interval: '100m',
- from: 'now-50000h',
+ from: '1900-01-01T00:00:00.000Z',
 max_signals: 100,
 ...rewrites,
 });
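Review bot: The literal `'1900-01-01T00:00:00.000Z'` is written out as `from` in every fixture this file touches, starting with `getDataViewRule` here and repeating in each later hunk down to `getEndpointRule`, and nothing records why a fixed date replaced the relative `now-50000h`. One module-level constant with a short comment would keep the builders in step, for example `const FIXTURE_RULE_FROM = '1900-01-01T00:00:00.000Z'; // fixed start date: <reason>` (the constant name is illustrative and the reason is the author's to fill in; presumably it keeps the look-back independent of the run date). Each builder begins and ends outside its hunk, so whether any of them relies on a different window cannot be confirmed from the lines shown.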
@@ -269,7 +269,7 @@ export const getExistingRule = (
 threat: [],
 note: 'This is my note',
 interval: '100m',
- from: 'now-50000h',
+ from: '1900-01-01T00:00:00.000Z',
 // Please do not change, or if you do, needs
 // to be any number other than default value
 max_signals: 500,
@@ -303,7 +303,7 @@ export const getNewOverrideRule = (
 rule_name_override: 'agent.type',
 timestamp_override: '@timestamp',
 interval: '100m',
- from: 'now-50000h',
+ from: '1900-01-01T00:00:00.000Z',
 max_signals: 100,
 ...rewrites,
 });
@@ -328,7 +328,7 @@ export const getNewThresholdRule = (
 value: 1,
 },
 interval: '100m',
- from: 'now-50000h',
+ from: '1900-01-01T00:00:00.000Z',
 max_signals: 100,
 ...rewrites,
 });
@@ -349,9 +349,9 @@ export const getNewTermsRule = (
 threat: [getMitre1(), getMitre2()],
 note: '# test markdown',
 new_terms_fields: ['host.name'],
- history_window_start: 'now-51000h',
+ history_window_start: `now-${365 * 150}d`,
 interval: '100m',
- from: 'now-50000h',
+ from: '1900-01-01T00:00:00.000Z',
 max_signals: 100,
 ...rewrites,
 });
@@ -375,7 +375,7 @@ export const getMachineLearningRule = (
 threat: [getMitre1()],
 note: '# test markdown',
 interval: '100m',
- from: 'now-50000h',
+ from: '1900-01-01T00:00:00.000Z',
 ...rewrites,
 });
@@ -396,7 +396,7 @@ export const getEqlRule = (
 threat: [getMitre1(), getMitre2()],
 note: '# test markdown',
 interval: '100m',
- from: 'now-50000h',
+ from: '1900-01-01T00:00:00.000Z',
 max_signals: 100,
 ...rewrites,
 });
@@ -417,7 +417,7 @@ export const getEsqlRule = (
 threat: [getMitre1(), getMitre2()],
 note: '# test markdown',
 interval: '100m',
- from: 'now-50000h',
+ from: '1900-01-01T00:00:00.000Z',
 max_signals: 100,
 ...rewrites,
 });
@@ -439,7 +439,7 @@ export const getCCSEqlRule = (
 threat: [getMitre1(), getMitre2()],
 note: '# test markdown',
 interval: '100m',
- from: 'now-50000h',
+ from: '1900-01-01T00:00:00.000Z',
 max_signals: 100,
 ...rewrites,
 });
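Review bot: In `getNewTermsRule` the new `history_window_start` stays relative (`now-${365 * 150}d`) while `from` becomes the absolute `1900-01-01T00:00:00.000Z`, so the ordering of the two values now depends on the date the test runs and on the unexplained `365 * 150`. The old pair `now-51000h` / `now-50000h` suggests the history window is meant to open before `from`. If so, a comment stating that invariant would help, e.g. `// must stay earlier than from; 150 years back keeps it before 1900`. An absolute date earlier than 1900 would remove the arithmetic altogether, if the field accepts one. The builder starts and ends outside the hunk.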
@@ -464,7 +464,7 @@ export const getEqlSequenceRule = (
 threat: [getMitre1(), getMitre2()],
 note: '# test markdown',
 interval: '100m',
- from: 'now-50000h',
+ from: '1900-01-01T00:00:00.000Z',
 max_signals: 100,
 ...rewrites,
 });
@@ -487,7 +487,7 @@ export const getNewThreatIndicatorRule = (
 threat: [getMitre1(), getMitre2()],
 note: '# test markdown',
 interval: '100m',
- from: 'now-50000h',
+ from: '2000-01-01T00:00:00.000Z',
 threat_index: ['filebeat-*'],
 threat_mapping: [
 {
@@ -673,7 +673,7 @@ export const getEndpointRule = (): QueryRuleCreateProps => ({
 severity: 'high',
 risk_score: 17,
 interval: '1m',
- from: 'now-50000h',
+ from: '1900-01-01T00:00:00.000Z',
 max_signals: 100,
 exceptions_list: [
 {
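Review bot: `getNewThreatIndicatorRule` is the only fixture given `from: '2000-01-01T00:00:00.000Z'`; every other builder changed in this file gets `1900-01-01T00:00:00.000Z`. Nothing in the hunk says whether the difference is deliberate, and the same commit drops the look-back assertion from `indicator_match_rule.cy.ts`, which may be related. A comment on the line, such as `// 2000, not 1900: <reason>`, would stop a later clean-up from normalising it; if the difference is not deliberate, the value should match the other fixtures. The builder's body continues beyond the hunk.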