[9.2] [Security Solution] Add FTR tests for prebuilt rules OOM testing (#236891)#238438
Closed
kibanamachine wants to merge 1 commit into
Closed
[9.2] [Security Solution] Add FTR tests for prebuilt rules OOM testing (#236891)#238438kibanamachine wants to merge 1 commit into
kibanamachine wants to merge 1 commit into
Conversation
…stic#236891) **Partially addresses:** elastic#188090 ## Summary This PR contains FTR tests designed to expose potential Out of Memory (OOM) issues in Kibana when performing memory-intensive operations related to **Detection Prebuilt Rules**. The tests open a possibility to test against any Prebuilt Rules fleet package version including prerelease packages. ## Running test instructions - Set up QAF by following to the [instructions](https://docs.elastic.dev/appex-qa/qaf/getting-started) (internal) - Place the following Elastic Cloud plan in `~/.qaf/config/cloud_plans/prebuilt_rules_oom_testing.yml` ```yaml --- name: {{ deployment_name }} settings: autoscaling_enabled: {{ autoscaling_enabled }} metadata: system_owned: false resources: elasticsearch: - region: {{ region }} settings: dedicated_masters_threshold: 6 plan: cluster_topology: - zone_count: 1 elasticsearch: node_attributes: data: hot instance_configuration_id: gcp.es.datahot.n2.68x10x45 node_roles: - master - ingest - remote_cluster_client - data_hot - transform - data_content id: hot_content size: value: 1024 resource: memory elasticsearch: version: {{ stack_version }} deployment_template: id: gcp-storage-optimized ref_id: main-elasticsearch enterprise_search: [] kibana: - elasticsearch_cluster_ref_id: main-elasticsearch region: {{ region }} plan: cluster_topology: - instance_configuration_id: gcp.kibana.n2.68x32x45 zone_count: 1 size: value: 1024 resource: memory kibana: version: {{ stack_version }} ref_id: main-kibana ``` - Create an ECH deployment by running the following command ```bash qaf elastic-cloud deployments create --stack-version 9.3.0 --version-validation --deployment-name prebuilt-rules-oom-test-9.3.0 --environment production --no-autoscaling --no-sso --region gcp-us-west2 --plan prebuilt_rules_oom_testing ``` - Run the tests by running the following command ```bash qaf kibana ftr run-config --ec-deployment-name prebuilt-rules-oom-test-9.3.0 --kibana-repo-root <kibana-root> <kibana-root>/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/rules_management/prebuilt_rules/oom_testing/configs/ess_basic_license.config.ts ``` where `<kibana-root>` is the absolute path to the Kibana's root folder. (cherry picked from commit d99c5b4)
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
nikitaindik
approved these changes
Oct 10, 2025
Contributor
nikitaindik
left a comment
nikitaindik
left a comment
There was a problem hiding this comment.
I reviewed the main PR. The diff is identical in this backport. I approve.
Contributor
💚 Build Succeeded
Metrics [docs]
cc @maximpn |
jbudz
approved these changes
Oct 13, 2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Backport
This will backport the following commits from
mainto9.2:Questions ?
Please refer to the Backport tool documentation