[EDR Workflows] Fix Cypress tests failing on Alerts step (#197384)

x-pack/plugins/osquery/cypress/e2e/all/alerts_automated_action_results.cy.ts

@@ -11,8 +11,7 @@ import { checkActionItemsInResults, loadRuleAlerts } from '../../tasks/live_quer
 
 const UUID_REGEX = '[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}';
 
-// FLAKY: https://github.com/elastic/kibana/issues/169727
-describe.skip('Alert Flyout Automated Action Results', () => {
+describe('Alert Flyout Automated Action Results', () => {
   let ruleId: string;
 
   before(() => {

x-pack/plugins/osquery/cypress/e2e/all/alerts_cases.cy.ts

@@ -49,8 +49,7 @@ describe.skip('Alert Event Details - Cases', { tags: ['@ess', '@serverless'] },
     cleanupRule(ruleId);
   });
 
-  // FLAKY: https://github.com/elastic/kibana/issues/197151
-  describe.skip('Case creation', () => {
+  describe('Case creation', () => {
     let caseId: string;
 
     before(() => {
@@ -86,8 +85,7 @@ describe.skip('Alert Event Details - Cases', { tags: ['@ess', '@serverless'] },
     });
   });
 
-  // FLAKY: https://github.com/elastic/kibana/issues/176783
-  describe.skip('Case', () => {
+  describe('Case', () => {
     let caseId: string;
 
     beforeEach(() => {

x-pack/plugins/osquery/cypress/e2e/all/alerts_linked_apps.cy.ts

@@ -18,9 +18,7 @@ import {
 import { closeModalIfVisible, closeToastIfVisible } from '../../tasks/integrations';
 import { RESULTS_TABLE, RESULTS_TABLE_BUTTON } from '../../screens/live_query';
 
-// Failing: See https://github.com/elastic/kibana/issues/181889
-// Failing: See https://github.com/elastic/kibana/issues/181889
-describe.skip(
+describe(
   'Alert Event Details',
   {
     tags: ['@ess', '@serverless', '@skipInServerlessMKI'],

x-pack/plugins/osquery/cypress/e2e/all/alerts_multiple_agents.cy.ts

@@ -15,8 +15,7 @@ import {
 } from '../../tasks/live_query';
 import { OSQUERY_FLYOUT_BODY_EDITOR } from '../../screens/live_query';
 
-// FLAKY: https://github.com/elastic/kibana/issues/170157
-describe.skip(
+describe(
   'Alert Event Details - dynamic params',
   {
     tags: ['@ess', '@serverless'],

x-pack/plugins/osquery/cypress/e2e/all/ecs_mappings.cy.ts

@@ -18,8 +18,7 @@ import {
   typeInOsqueryFieldInput,
 } from '../../tasks/live_query';
 
-// Failing: See https://github.com/elastic/kibana/issues/192128
-describe.skip('EcsMapping', { tags: ['@ess', '@serverless'] }, () => {
+describe('EcsMapping', { tags: ['@ess', '@serverless'] }, () => {
   beforeEach(() => {
     initializeDataViews();
   });

x-pack/plugins/osquery/cypress/tasks/api_fixtures.ts

@@ -231,7 +231,7 @@ export const loadRule = (includeResponseActions = false) => {
       tags: [],
       license: '',
       interval: '1m',
-      from: 'now-120s',
+      from: 'now-360s',
       to: 'now',
       meta: { from: '1m', kibana_siem_app_url: 'http://localhost:5620/app/security' },
       actions: [],

x-pack/plugins/osquery/cypress/tasks/live_query.ts

@@ -58,7 +58,7 @@ export const verifyQueryTimeout = (timeout: string) => {
 
 // sometimes the results get stuck in the tests, this is a workaround
 export const checkResults = () => {
-  cy.getBySel('osqueryResultsTable').then(($table) => {
+  cy.getBySel('osqueryResultsTable', { timeout: 120000 }).then(($table) => {
     if ($table.find('div .euiDataGridRow').length > 0) {
       cy.getBySel('dataGridRowCell', { timeout: 120000 }).should('have.lengthOf.above', 0);
     } else {
@@ -158,6 +158,7 @@ export const checkActionItemsInResults = ({
   cases: boolean;
   timeline: boolean;
 }) => {
+  checkResults();
   cy.contains('View in Discover').should(discover ? 'exist' : 'not.exist');
   cy.contains('View in Lens').should(lens ? 'exist' : 'not.exist');
   cy.contains('Add to Case').should(cases ? 'exist' : 'not.exist');

x-pack/plugins/security_solution/public/management/cypress/e2e/automated_response_actions/automated_response_actions.cy.ts

@@ -5,13 +5,13 @@
  * 2.0.
  */
 
+import { waitForAlertsToPopulate } from '@kbn/test-suites-xpack/security_solution_cypress/cypress/tasks/create_new_rule';
+import { login } from '../../tasks/login';
+import { waitForEndpointListPageToBeLoaded } from '../../tasks/response_console';
 import type { PolicyData } from '../../../../../common/endpoint/types';
-import { APP_ENDPOINTS_PATH } from '../../../../../common/constants';
 import { closeAllToasts } from '../../tasks/toasts';
 import { toggleRuleOffAndOn, visitRuleAlerts } from '../../tasks/isolate';
 import { cleanupRule, loadRule } from '../../tasks/api_fixtures';
-import { login } from '../../tasks/login';
-import { loadPage } from '../../tasks/common';
 import type { IndexedFleetEndpointPolicyResponse } from '../../../../../common/endpoint/data_loaders/index_fleet_endpoint_policy';
 import { createAgentPolicyTask, getEndpointIntegrationVersion } from '../../tasks/fleet';
 import { changeAlertsFilter } from '../../tasks/alerts';
@@ -38,21 +38,33 @@ describe(
     let indexedPolicy: IndexedFleetEndpointPolicyResponse;
     let policy: PolicyData;
     let createdHost: CreateAndEnrollEndpointHostResponse;
+    let ruleId: string;
+    let ruleName: string;
+    beforeEach(() => {
+      login();
+    });
 
     before(() => {
-      getEndpointIntegrationVersion().then((version) =>
-        createAgentPolicyTask(version, 'automated_response_actions').then((data) => {
-          indexedPolicy = data;
-          policy = indexedPolicy.integrationPolicies[0];
-
-          return enableAllPolicyProtections(policy.id).then(() => {
-            // Create and enroll a new Endpoint host
-            return createEndpointHost(policy.policy_ids[0]).then((host) => {
-              createdHost = host as CreateAndEnrollEndpointHostResponse;
+      getEndpointIntegrationVersion()
+        .then((version) =>
+          createAgentPolicyTask(version, 'automated_response_actions').then((data) => {
+            indexedPolicy = data;
+            policy = indexedPolicy.integrationPolicies[0];
+
+            return enableAllPolicyProtections(policy.id).then(() => {
+              // Create and enroll a new Endpoint host
+              return createEndpointHost(policy.policy_ids[0]).then((host) => {
+                createdHost = host as CreateAndEnrollEndpointHostResponse;
+              });
             });
+          })
+        )
+        .then(() => {
+          loadRule().then((data) => {
+            ruleId = data.id;
+            ruleName = data.name;
           });
-        })
-      );
+        });
     });
 
     after(() => {
@@ -67,48 +79,29 @@ describe(
       if (createdHost) {
         deleteAllLoadedEndpointData({ endpointAgentIds: [createdHost.agentId] });
       }
-    });
 
-    beforeEach(() => {
-      login();
+      if (ruleId) {
+        cleanupRule(ruleId);
+      }
     });
 
-    // FLAKY: https://github.com/elastic/kibana/issues/169828
-    describe.skip('From alerts', () => {
-      let ruleId: string;
-      let ruleName: string;
-
-      before(() => {
-        loadRule().then((data) => {
-          ruleId = data.id;
-          ruleName = data.name;
-        });
-      });
-
-      after(() => {
-        if (ruleId) {
-          cleanupRule(ruleId);
-        }
-      });
-
-      it('should have generated endpoint and rule', () => {
-        loadPage(APP_ENDPOINTS_PATH);
-        cy.contains(createdHost.hostname).should('exist');
+    it('should have been called against a created host', () => {
+      waitForEndpointListPageToBeLoaded(createdHost.hostname);
+      toggleRuleOffAndOn(ruleName);
 
-        toggleRuleOffAndOn(ruleName);
+      visitRuleAlerts(ruleName);
+      closeAllToasts();
 
-        visitRuleAlerts(ruleName);
-        closeAllToasts();
+      changeAlertsFilter(`process.name: "agentbeat" and agent.id: "${createdHost.agentId}"`);
+      waitForAlertsToPopulate();
 
-        changeAlertsFilter(`process.name: "agentbeat" and agent.id: "${createdHost.agentId}"`);
-        cy.getByTestSubj('expand-event').first().click();
-        cy.getByTestSubj('securitySolutionFlyoutNavigationExpandDetailButton').click();
-        cy.getByTestSubj('securitySolutionFlyoutResponseTab').click();
+      cy.getByTestSubj('expand-event').first().click();
+      cy.getByTestSubj('securitySolutionFlyoutNavigationExpandDetailButton').click();
+      cy.getByTestSubj('securitySolutionFlyoutResponseTab').click();
 
-        cy.contains(/isolate is pending|isolate completed successfully/g);
-        cy.contains(/kill-process is pending|kill-process completed successfully/g);
-        cy.contains('The action was called with a non-existing event field name: entity_id');
-      });
+      cy.contains(/isolate is pending|isolate completed successfully/g);
+      cy.contains(/kill-process is pending|kill-process completed successfully/g);
+      cy.contains('The action was called with a non-existing event field name: entity_id');
     });
   }
 );

x-pack/plugins/security_solution/public/management/cypress/tasks/api_fixtures.ts

@@ -55,7 +55,7 @@ export const loadRule = (body = {}, includeResponseActions = true) =>
       tags: [],
       license: '',
       interval: '1m',
-      from: 'now-120s',
+      from: 'now-360s',
       to: 'now',
       meta: { from: '1m', kibana_siem_app_url: 'http://localhost:5620/app/security' },
       actions: [],

x-pack/plugins/security_solution/public/management/cypress/tsconfig.json

@@ -34,5 +34,6 @@
     "@kbn/security-solution-serverless",
     "@kbn/dev-utils",
     "@kbn/spaces-plugin",
+    "@kbn/test-suites-xpack/security_solution_cypress/cypress",
   ]
 }