[Security Solution] Implement reliable tests to catch OOMs during rules package installation #188090
Labels
Feature:Prebuilt Detection Rules
Security Solution Prebuilt Detection Rules area
Team:Detection Rule Management
Security Detection Rule Management Team
Team:Detections and Resp
Security Detection Response Team
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
technical debt
Improvement of the software architecture and operational architecture
Epic: #179907
Summary
Our existing package installation test has not been effective in catching potential OOMs. The test is designed to emulate the installation of 15,000 rules. However, in a Serverless environment, we've seen OOMs when installing ~5,000 rules. This might be because the integration test limits the heap but cannot control external memory, and in our investigation, we saw a significant amount of external memory being used before an OOM (300+MB).
We need to add an MKI test so that even if we tweak the heap or memory on Serverless, our test will continue to prevent regression.
The text was updated successfully, but these errors were encountered: