[Security Solution][Detections] Ignore interim results in ML Rule anomalies query #90316

Merged
merged 2 commits into from
Feb 9, 2021

@rylnd rylnd commented Feb 4, 2021

Summary

We were incorrectly including records with is_interim: true in our anomalies query, which led to false positive signals if the rule executed while an anomaly's score was (temporarily) above the specified threshold, but then dropped below after re-evaluation. While record_score may continue to be re-evaluated after is_interim: false is set, any changes at that point would be in reaction to new anomalous data, which would have its own alert.

We were incorrectly including records with is_interim: true in our
query, which led to false positive signals if the rule executed while
an anomaly's score was (temporarily) above the specified threshold, but
then dipped below after it was finalized.
@rylnd rylnd added bug Fixes for quality problems that affect the customer experience release_note:fix v8.0.0 v7.12.0 Team:Detections and Resp Security Detection Response Team labels Feb 4, 2021
@rylnd rylnd self-assigned this Feb 4, 2021
@rylnd rylnd requested review from a team as code owners February 4, 2021 18:36
@elasticmachine

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@rylnd rylnd added the v7.11.1 label Feb 4, 2021
@FrankHassanabad FrankHassanabad left a comment

LGTM, The spice must flow!

@spong spong left a comment

LGTM as well! Thanks for seeing this one through @rylnd! And all the debugging, and even squeezing some type fixes in here as well too! 😉 🌶️ ⏳

Gonna sneak this blog post about bucket spans in here for anyone passing by -- learned a ton from this post about the interworkings of ML, so definitely worth giving a gander!

https://www.elastic.co/blog/explaining-the-bucket-span-in-machine-learning-for-elasticsearch

Comment on lines +114 to +121
expect(filters).toEqual(
expect.arrayContaining([
{
term: {
is_interim: false,
},
},
])
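
Review bot: in this assertion, `expect.arrayContaining` only proves that the `is_interim: false` term appears somewhere in `filters`; it does not show that a record with `is_interim: true` is actually excluded by the complete query. Consider adding a case that runs the built query against an interim record scoring above the threshold and expects no hit, so a later change to the other clauses cannot silently re-admit interim results.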
Member

FYI, this means that alerts won't fire for anomalies until after the bucket has been completed.

For short buckets, this is cool (like, 15m). But if there are jobs with 1hr+ length buckets, it means an anomaly won't trigger this alert until after a whole hour.

Member

We're going to meet with @randomuserid and the @elastic/protections folks to review the existing ML Job bucket times, and corresponding Rule's interval + lookback to ensure we don't have any gaps here. I believe @randomuserid took this all into account when initially developing the jobs/rules, but we'll ensure to do an audit here to make sure everything is 👍.

Thanks again for all your help and feedback around debugging this issue, really grateful for your feedback 🙂

@randomuserid randomuserid Feb 8, 2021

Most of the jobs have 15m buckets. I set the lookbacks with the assumption that an anomaly may take 15-30 minutes to be picked up by the rules depending on where the bucket is when the rule fires. Some, like CloudTrail, have longer lookbacks, because those pipelines have much more variable latency.
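
The timing discussed in this thread, as an added example that is not part of the PR or Kibana's code: a small simulation of a rule polling anomaly records, showing the interim false positive, the delay once `is_interim: false` is required, and the gap that opens when the lookback is shorter than the bucket span. The helper names, the 5-minute rule interval, the job name and the record data are constructed assumptions, and finalization is modeled as happening exactly when the bucket closes.

```javascript
// Added example: constructed data and hypothetical helper names, not Kibana code.
const MIN = 60 * 1000;
const BUCKET_SPAN = 15 * MIN;

// Filters for an anomalies search. `excludeInterim` toggles the term clause
// that the test in this PR asserts on.
function buildAnomalyFilters({ jobId, threshold, from, to, excludeInterim }) {
  const filters = [
    { term: { job_id: jobId } },
    { range: { record_score: { gte: threshold } } },
    { range: { timestamp: { gte: from, lte: to } } },
  ];
  if (excludeInterim) filters.push({ term: { is_interim: false } });
  return filters;
}

// Minimal evaluator for the term and range clauses used above.
function matches(doc, filter) {
  if (filter.term) {
    return Object.entries(filter.term).every(([field, value]) => doc[field] === value);
  }
  if (filter.range) {
    return Object.entries(filter.range).every(
      ([field, r]) =>
        (r.gte === undefined || doc[field] >= r.gte) &&
        (r.lte === undefined || doc[field] <= r.lte)
    );
  }
  throw new Error('unsupported clause');
}

// Constructed timeline. Each record gets an interim version mid-bucket and a
// final version when the bucket closes; `timestamp` is the bucket start.
const RECORDS = [
  { id: 'spike-that-fades', timestamp: 0, interimAt: 4 * MIN, interimScore: 82, finalScore: 41 },
  { id: 'real-anomaly', timestamp: 0, interimAt: 6 * MIN, interimScore: 90, finalScore: 88 },
];

// State of the results index at wall-clock time `now`.
function indexAt(now) {
  return RECORDS.filter((r) => now >= r.interimAt).map((r) => {
    const finalized = now >= r.timestamp + BUCKET_SPAN;
    return {
      id: r.id,
      job_id: 'constructed_job',
      timestamp: r.timestamp,
      is_interim: !finalized,
      record_score: finalized ? r.finalScore : r.interimScore,
    };
  });
}

// Run the rule every `interval` ms, searching [now - interval - lookback, now].
// Returns { recordId: minute of the first signal }.
function runRule({ interval, lookback, threshold, excludeInterim, until }) {
  const signals = {};
  for (let now = interval; now <= until; now += interval) {
    const filters = buildAnomalyFilters({
      jobId: 'constructed_job',
      threshold,
      from: now - interval - lookback,
      to: now,
      excludeInterim,
    });
    for (const doc of indexAt(now)) {
      if (filters.every((f) => matches(doc, f)) && !(doc.id in signals)) {
        signals[doc.id] = now / MIN;
      }
    }
  }
  return signals;
}

const base = { interval: 5 * MIN, threshold: 75, until: 60 * MIN };

// Old behaviour: the interim score of 82 fires a signal that the final score of 41 never justifies.
const before = runRule({ ...base, lookback: 15 * MIN, excludeInterim: false });

// With the fix: only the real anomaly fires, and not until the bucket closes at minute 15.
const after = runRule({ ...base, lookback: 15 * MIN, excludeInterim: true });

// With the fix but a lookback shorter than the bucket span: by the time the
// record is final, its timestamp is already outside the search window.
const shortLookback = runRule({ ...base, lookback: 5 * MIN, excludeInterim: true });

console.log({ before, after, shortLookback });
```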

rylnd commented Feb 8, 2021

@elasticmachine merge upstream

@kibanamachine kibanamachine requested a review from a team as a code owner February 8, 2021 21:12
@kibanamachine

💛 Build succeeded, but was flaky


Test Failures

Kibana Pipeline / general / Firefox XPack UI Functional Tests.x-pack/test/functional/apps/status_page/status_page·ts.Status page Status Page allows user to navigate without authentication

Link to Jenkins

Standard Out

Failed Tests Reporter:
  - Test has failed 8 times on tracked branches: https://github.com/elastic/kibana/issues/50448

[00:08:09]               │ debg --- retry.tryForTime error: .login-form is not displayed
[00:08:10]               │ debg Find.existsByDisplayedByCssSelector('.login-form') with timeout=2500
[00:08:12]               │ debg --- retry.tryForTime error: .login-form is not displayed
[00:08:13]               │ debg Find.existsByDisplayedByCssSelector('.login-form') with timeout=2500
[00:08:16]               │ debg --- retry.tryForTime error: .login-form is not displayed
[00:08:17]               │ debg Find.existsByDisplayedByCssSelector('.login-form') with timeout=2500
[00:08:19]               │ debg --- retry.tryForTime error: .login-form is not displayed
[00:08:20]               │ debg Find.existsByDisplayedByCssSelector('.login-form') with timeout=2500
[00:08:23]               │ debg --- retry.tryForTime error: .login-form is not displayed
[00:08:24]               │ debg Find.existsByDisplayedByCssSelector('.login-form') with timeout=2500
[00:08:26]               │ debg --- retry.tryForTime error: .login-form is not displayed
[00:08:28]               │ debg Find.existsByDisplayedByCssSelector('.login-form') with timeout=2500
[00:08:30]               │ debg --- retry.tryForTime error: .login-form is not displayed
[00:08:31]               │ debg Find.existsByDisplayedByCssSelector('.login-form') with timeout=2500
[00:08:34]               │ debg --- retry.tryForTime error: .login-form is not displayed
[00:08:35]               │ debg Find.existsByDisplayedByCssSelector('.login-form') with timeout=2500
[00:08:37]               │ debg --- retry.tryForTime error: .login-form is not displayed
[00:08:38]               │ debg Find.existsByDisplayedByCssSelector('.login-form') with timeout=2500
[00:08:41]               │ debg --- retry.tryForTime error: .login-form is not displayed
[00:08:42]               │ debg Find.existsByDisplayedByCssSelector('.login-form') with timeout=2500
[00:08:44]               │ debg --- retry.tryForTime error: .login-form is not displayed
[00:08:45]               │ debg Find.existsByDisplayedByCssSelector('.login-form') with timeout=2500
[00:08:48]               │ debg --- retry.tryForTime error: .login-form is not displayed
[00:08:49]               │ debg Find.existsByDisplayedByCssSelector('.login-form') with timeout=2500
[00:08:51]               │ debg --- retry.tryForTime error: .login-form is not displayed
[00:08:52]               │ debg Find.existsByDisplayedByCssSelector('.login-form') with timeout=2500
[00:08:53]               └- ✖ fail: Status page Status Page allows user to navigate without authentication
[00:08:53]               │      Error: Timeout of 360000ms exceeded. For async tests and hooks, ensure "done()" is called; if returning a Promise, ensure it resolves. (/dev/shm/workspace/parallel/19/kibana/x-pack/test/functional/apps/status_page/status_page.ts)
[00:08:53]               │       at listOnTimeout (internal/timers.js:554:17)
[00:08:53]               │       at processTimers (internal/timers.js:497:7)
[00:08:53]               │ 
[00:08:53]               │ 

Stack Trace

Error: Timeout of 360000ms exceeded. For async tests and hooks, ensure "done()" is called; if returning a Promise, ensure it resolves. (/dev/shm/workspace/parallel/19/kibana/x-pack/test/functional/apps/status_page/status_page.ts)
    at listOnTimeout (internal/timers.js:554:17)
    at processTimers (internal/timers.js:497:7)

Metrics [docs]

✅ unchanged

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@rylnd rylnd merged commit 8e4f899 into elastic:master Feb 9, 2021
@rylnd rylnd deleted the ignore_temp_anomalies branch February 9, 2021 23:21
rylnd added a commit to rylnd/kibana that referenced this pull request Feb 9, 2021
We were incorrectly including records with is_interim: true in our
query, which led to false positive signals if the rule executed while
an anomaly's score was (temporarily) above the specified threshold, but
then dipped below after it was finalized.

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
rylnd added a commit that referenced this pull request Feb 10, 2021
We were incorrectly including records with is_interim: true in our
query, which led to false positive signals if the rule executed while
an anomaly's score was (temporarily) above the specified threshold, but
then dipped below after it was finalized.

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
rylnd added a commit to rylnd/kibana that referenced this pull request Feb 10, 2021
We were incorrectly including records with is_interim: true in our
query, which led to false positive signals if the rule executed while
an anomaly's score was (temporarily) above the specified threshold, but
then dipped below after it was finalized.

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
rylnd added a commit that referenced this pull request Feb 10, 2021
We were incorrectly including records with is_interim: true in our
query, which led to false positive signals if the rule executed while
an anomaly's score was (temporarily) above the specified threshold, but
then dipped below after it was finalized.

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Labels
bug Fixes for quality problems that affect the customer experience release_note:fix Team:Detections and Resp Security Detection Response Team v7.11.1 v7.12.0 v8.0.0