Failing ES Promotion: FTR Configs elastic#22 / detection engine api s…

…ecurity and spaces enabled - rule execution logic Non ECS fields in alert document source should fail creating alert when ECS field mapping is geo_point (elastic#154277)
e40pud · Jul 19, 2023 · 527c2e9 · 527c2e9
1 parent 9c7dda0
commit 527c2e9
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/...tection_engine_api_integration/security_and_spaces/rule_execution_logic/non_ecs_fields.ts b/...tection_engine_api_integration/security_and_spaces/rule_execution_logic/non_ecs_fields.ts
@@ -57,7 +57,7 @@ export default ({ getService }: FtrProviderContext) => {
   };
 
   // FAILING ES PROMOTION: https://github.com/elastic/kibana/issues/154277
-  describe.skip('Non ECS fields in alert document source', () => {
+  describe('Non ECS fields in alert document source', () => {
     before(async () => {
       await esArchiver.load(
         'x-pack/test/functional/es_archives/security_solution/ecs_non_compliant'
@@ -232,7 +232,7 @@ export default ({ getService }: FtrProviderContext) => {
       // invalid ECS field is getting removed
       expect(alertSource).toHaveProperty('threat.enrichments', []);
 
-      expect(alertSource).toHaveProperty('threat.indicator.port', 443);
+      expect(alertSource).toHaveProperty(['threat', 'indicator.port'], 443);
     });
 
     // source client.bytes is text, ECS mapping for client.bytes is long
@@ -271,8 +271,8 @@ export default ({ getService }: FtrProviderContext) => {
 
       const { errors } = await indexAndCreatePreviewAlert(document);
 
-      expect(errors).toContain(
-        'Bulk Indexing of signals failed: failed to parse field [client.geo.location] of type [geo_point]'
+      expect(errors[0]).toContain(
+        'Bulk Indexing of signals failed: [1:1193] failed to parse field [client.geo.location] of type [geo_point]'
       );
     });