[7.x] [SIEM] Detection Fix typo in Adobe Hijack Persistence rule (#58804)

[FrankHassanabad]

Backports the following commits to 7.x:

• [SIEM] Detection Fix typo in Adobe Hijack Persistence rule ([SIEM] Detection Fix typo in Adobe Hijack Persistence rule #58804)

[FrankHassanabad]

test this

[kibanamachine]

💛 Build succeeded, but was flaky

• continuous-integration/kibana-ci/pull-request
• Commit: 29b181a
• Flaky suites:
  • kibana-ciGroup1

---

Test Failures

Kibana Pipeline / kibana-oss-agent / Chrome UI Functional Tests.test/functional/apps/timelion/_expression_typeahead·js.timelion app expression typeahead "before all" hook

Link to Jenkins

Standard Out

Failed Tests Reporter:
  - Test has failed 16 times on tracked branches: https://github.com/elastic/kibana/issues/58817

[00:00:00]       │
[00:03:14]         └-: timelion app
[00:03:14]           └-> "before all" hook
[00:03:14]           └-> "before all" hook
[00:03:14]             │ debg Starting timelion before method
[00:03:14]             │ info [logstash_functional] Loading "mappings.json"
[00:03:14]             │ info [logstash_functional] Loading "data.json.gz"
[00:03:14]             │ info [o.e.c.m.MetaDataCreateIndexService] [kibana-ci-immutable-ubuntu-16-tests-xl-1583122406966585483] [logstash-2015.09.22] creating index, cause [api], templates [], shards [1]/[0], mappings [_doc]
[00:03:14]             │ info [o.e.c.r.a.AllocationService] [kibana-ci-immutable-ubuntu-16-tests-xl-1583122406966585483] Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[logstash-2015.09.22][0]]]).
[00:03:14]             │ info [logstash_functional] Created index "logstash-2015.09.22"
[00:03:14]             │ debg [logstash_functional] "logstash-2015.09.22" settings {"index":{"analysis":{"analyzer":{"url":{"max_token_length":"1000","tokenizer":"uax_url_email","type":"standard"}}},"number_of_replicas":"0","number_of_shards":"1"}}
[00:03:14]             │ info [o.e.c.m.MetaDataCreateIndexService] [kibana-ci-immutable-ubuntu-16-tests-xl-1583122406966585483] [logstash-2015.09.20] creating index, cause [api], templates [], shards [1]/[0], mappings [_doc]
[00:03:14]             │ debg TestSubjects.exists(filter filter-disabled filter-key-geo.src filter-value-IN)
[00:03:14]             │ debg Find.existsByCssSelector('[data-test-subj="filter filter-disabled filter-key-geo.src filter-value-IN"]') with timeout=2500
[00:03:14]             │ info [o.e.c.r.a.AllocationService] [kibana-ci-immutable-ubuntu-16-tests-xl-1583122406966585483] Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[logstash-2015.09.20][0]]]).
[00:03:14]             │ info [logstash_functional] Created index "logstash-2015.09.20"
[00:03:14]             │ debg [logstash_functional] "logstash-2015.09.20" settings {"index":{"analysis":{"analyzer":{"url":{"max_token_length":"1000","tokenizer":"uax_url_email","type":"standard"}}},"number_of_replicas":"0","number_of_shards":"1"}}
[00:03:14]             │ info [o.e.c.m.MetaDataCreateIndexService] [kibana-ci-immutable-ubuntu-16-tests-xl-1583122406966585483] [logstash-2015.09.21] creating index, cause [api], templates [], shards [1]/[0], mappings [_doc]
[00:03:14]             │ info [o.e.c.r.a.AllocationService] [kibana-ci-immutable-ubuntu-16-tests-xl-1583122406966585483] Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[logstash-2015.09.21][0]]]).
[00:03:14]             │ info [logstash_functional] Created index "logstash-2015.09.21"
[00:03:14]             │ debg [logstash_functional] "logstash-2015.09.21" settings {"index":{"analysis":{"analyzer":{"url":{"max_token_length":"1000","tokenizer":"uax_url_email","type":"standard"}}},"number_of_replicas":"0","number_of_shards":"1"}}
[00:03:17]             │ debg --- retry.try failed again with the same message...
[00:03:17]             │ debg TestSubjects.exists(filter filter-disabled filter-key-geo.src filter-value-IN)
[00:03:17]             │ debg Find.existsByCssSelector('[data-test-subj="filter filter-disabled filter-key-geo.src filter-value-IN"]') with timeout=2500
[00:03:20]             │ debg --- retry.try failed again with the same message...
[00:03:20]             │ debg TestSubjects.exists(filter filter-disabled filter-key-geo.src filter-value-IN)
[00:03:20]             │ debg Find.existsByCssSelector('[data-test-subj="filter filter-disabled filter-key-geo.src filter-value-IN"]') with timeout=2500
[00:03:23]             │ debg --- retry.try failed again with the same message...
[00:03:23]             │ debg TestSubjects.exists(filter filter-disabled filter-key-geo.src filter-value-IN)
[00:03:23]             │ debg Find.existsByCssSelector('[data-test-subj="filter filter-disabled filter-key-geo.src filter-value-IN"]') with timeout=2500
[00:03:24]             │ info progress: 10837
[00:03:26]             │ debg --- retry.try failed again with the same message...
[00:03:26]             │ debg TestSubjects.exists(filter filter-disabled filter-key-geo.src filter-value-IN)
[00:03:26]             │ debg Find.existsByCssSelector('[data-test-subj="filter filter-disabled filter-key-geo.src filter-value-IN"]') with timeout=2500
[00:03:27]             │ info [logstash_functional] Indexed 4633 docs into "logstash-2015.09.22"
[00:03:27]             │ info [logstash_functional] Indexed 4757 docs into "logstash-2015.09.20"
[00:03:27]             │ info [logstash_functional] Indexed 4614 docs into "logstash-2015.09.21"
[00:03:27]             │ debg replacing kibana config doc: {"defaultIndex":"logstash-*"}
[00:03:27]           └-: expression typeahead
[00:03:27]             └-> "before all" hook
[00:03:29]               │ debg --- retry.try failed again with the same message...
[00:03:29]             └-> "before all" hook
[00:03:29]               │ debg replacing kibana config doc: {"defaultIndex":"logstash-*"}
[00:03:29]               │ debg TestSubjects.exists(filter filter-disabled filter-key-geo.src filter-value-IN)
[00:03:29]               │ debg Find.existsByCssSelector('[data-test-subj="filter filter-disabled filter-key-geo.src filter-value-IN"]') with timeout=2500
[00:03:30]               │ debg load kibana index
[00:03:30]               │ info [timelion] Loading "mappings.json"
[00:03:30]               │ info [timelion] Loading "data.json.gz"
[00:03:30]               │ info [o.e.c.m.MetaDataDeleteIndexService] [kibana-ci-immutable-ubuntu-16-tests-xl-1583122406966585483] [.kibana_2/Gk_5_DBQSKy2j_JofbzBLw] deleting index
[00:03:30]               │ info [o.e.c.m.MetaDataDeleteIndexService] [kibana-ci-immutable-ubuntu-16-tests-xl-1583122406966585483] [.kibana_1/pSrKIfc-QPKo0aSnzUt3aw] deleting index
[00:03:30]               │ info [o.e.c.m.MetaDataDeleteIndexService] [kibana-ci-immutable-ubuntu-16-tests-xl-1583122406966585483] [.kibana_3/N5o_pH1XSGir4Iv7eE5MuQ] deleting index
[00:03:30]               │ info [timelion] Deleted existing index [".kibana_2",".kibana_1",".kibana_3"]
[00:03:30]               │ info [o.e.c.m.MetaDataCreateIndexService] [kibana-ci-immutable-ubuntu-16-tests-xl-1583122406966585483] [.kibana] creating index, cause [api], templates [], shards [1]/[1], mappings [_doc]
[00:03:30]               │ info [timelion] Created index ".kibana"
[00:03:30]               │ debg [timelion] ".kibana" settings {"index":{"number_of_replicas":"1","number_of_shards":"1"}}
[00:03:30]               │ info [timelion] Indexed 1 docs into ".kibana"
[00:03:30]               │ info [o.e.c.m.MetaDataMappingService] [kibana-ci-immutable-ubuntu-16-tests-xl-1583122406966585483] [.kibana/tzu1KbP1QfiuObPWI2FPPw] update_mapping [_doc]
[00:03:30]               │ debg Migrating saved objects
[00:03:30]               │ proc [kibana]   log   [04:37:22.022] [info][savedobjects-service] Creating index .kibana_2.
[00:03:30]               │ info [o.e.c.m.MetaDataCreateIndexService] [kibana-ci-immutable-ubuntu-16-tests-xl-1583122406966585483] [.kibana_2] creating index, cause [api], templates [], shards [1]/[1], mappings [_doc]
[00:03:30]               │ info [o.e.c.r.a.AllocationService] [kibana-ci-immutable-ubuntu-16-tests-xl-1583122406966585483] updating number_of_replicas to [0] for indices [.kibana_2]
[00:03:31]               │ proc [kibana]   log   [04:37:22.144] [info][savedobjects-service] Reindexing .kibana to .kibana_1
[00:03:31]               │ info [o.e.c.m.MetaDataCreateIndexService] [kibana-ci-immutable-ubuntu-16-tests-xl-1583122406966585483] [.kibana_1] creating index, cause [api], templates [], shards [1]/[1], mappings [_doc]
[00:03:31]               │ info [o.e.c.r.a.AllocationService] [kibana-ci-immutable-ubuntu-16-tests-xl-1583122406966585483] updating number_of_replicas to [0] for indices [.kibana_1]
[00:03:31]               │ info [o.e.t.LoggingTaskListener] [kibana-ci-immutable-ubuntu-16-tests-xl-1583122406966585483] 2697 finished with response BulkByScrollResponse[took=55.1ms,timed_out=false,sliceId=null,updated=0,created=1,deleted=0,batches=1,versionConflicts=0,noops=0,retries=0,throttledUntil=0s,bulk_failures=[],search_failures=[]]
[00:03:31]               │ info [o.e.c.m.MetaDataDeleteIndexService] [kibana-ci-immutable-ubuntu-16-tests-xl-1583122406966585483] [.kibana/tzu1KbP1QfiuObPWI2FPPw] deleting index
[00:03:31]               │ proc [kibana]   log   [04:37:22.552] [info][savedobjects-service] Migrating .kibana_1 saved objects to .kibana_2
[00:03:31]               │ info [o.e.c.m.MetaDataMappingService] [kibana-ci-immutable-ubuntu-16-tests-xl-1583122406966585483] [.kibana_2/9Xkh7NUPSiKZFYRrOoWvsg] update_mapping [_doc]
[00:03:31]               │ proc [kibana]   log   [04:37:22.615] [info][savedobjects-service] Pointing alias .kibana to .kibana_2.
[00:03:31]               │ proc [kibana]   log   [04:37:22.717] [info][savedobjects-service] Finished in 706ms.
[00:03:31]               │ debg applying update to kibana config: {"accessibility:disableAnimations":true,"dateFormat:tz":"UTC"}
[00:03:32]               │ info [o.e.c.m.MetaDataMappingService] [kibana-ci-immutable-ubuntu-16-tests-xl-1583122406966585483] [.kibana_2/9Xkh7NUPSiKZFYRrOoWvsg] update_mapping [_doc]
[00:03:32]               │ debg --- retry.try failed again with the same message...
[00:03:33]               │ debg TestSubjects.exists(filter filter-disabled filter-key-geo.src filter-value-IN)
[00:03:33]               │ debg Find.existsByCssSelector('[data-test-subj="filter filter-disabled filter-key-geo.src filter-value-IN"]') with timeout=2500
[00:03:33]               │ debg navigating to timelion url: http://localhost:6111/app/timelion
[00:03:33]               │ debg Navigate to: http://localhost:6111/app/timelion
[00:03:35]               │ debg ... sleep(700) start
[00:03:35]               │ debg browser[INFO] http://localhost:6111/app/timelion?_t=1583123844162 350 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-P5polb1UreUSOe5V/Pv7tc+yeZuJXiOi/3fqhGsU7BE='), or a nonce ('nonce-...') is required to enable inline execution.
[00:03:35]               │
[00:03:35]               │ debg browser[INFO] http://localhost:6111/bundles/app/timelion/bootstrap.js 9:19 "^ A single error about an inline script not firing due to content security policy is expected!"
[00:03:35]               │ debg --- retry.try failed again with the same message...
[00:03:36]               └- ✖ fail: "timelion app expression typeahead "before all" hook"
[00:03:36]               │

Stack Trace

{ DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.
    at emitDeprecationWarning (internal/process/promises.js:111:13)
    at emitWarning (internal/process/promises.js:104:3)
    at emitPromiseRejectionWarnings (internal/process/promises.js:143:7)
    at process._tickCallback (internal/process/next_tick.js:69:34) name: 'DeprecationWarning', code: 'DEP0018', uncaught: true }

---

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream