Unskips tests and fixes a few of them. (#116469) (#116551)

## Summary

* For the test of `create_endpoint_exceptions.ts` code was changed to try to reduce/remove flake. I put the code back to where it was and with the sorting introduced it all should pass
* Added `await waitForSignalsToBePresent(supertest, 1, [id]);` to areas of code that were missing.
* The `.flat` should be an added layer of protection for flakes.


### Checklist

- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios

Co-authored-by: Frank Hassanabad <frank.hassanabad@elastic.co>

x-pack/test/detection_engine_api_integration/security_and_spaces/tests/create_endpoint_exceptions.ts

@@ -70,8 +70,7 @@ export default ({ getService }: FtrProviderContext) => {
   const supertest = getService('supertest');
   const esArchiver = getService('esArchiver');
 
-  // Flaky
-  describe.skip('Rule exception operators for endpoints', () => {
+  describe('Rule exception operators for endpoints', () => {
     before(async () => {
       await esArchiver.load(
         'x-pack/test/functional/es_archives/rule_exceptions/endpoint_without_host_type'
@@ -113,7 +112,7 @@ export default ({ getService }: FtrProviderContext) => {
             os: { type: 'linux' },
           },
           {
-            os: { type: 'windows' },
+            os: { type: 'macos' },
           },
           {
             os: { type: 'windows' },
@@ -135,7 +134,7 @@ export default ({ getService }: FtrProviderContext) => {
             os: { name: 'Linux' },
           },
           {
-            os: { name: 'Windows' },
+            os: { name: 'Macos' },
           },
           {
             os: { name: 'Windows' },
@@ -174,7 +173,7 @@ export default ({ getService }: FtrProviderContext) => {
               os: { name: 'Linux' },
             },
             {
-              os: { name: 'Windows' },
+              os: { name: 'Macos' },
             },
             {
               os: { name: 'Windows' },
@@ -210,7 +209,7 @@ export default ({ getService }: FtrProviderContext) => {
               os: { name: 'Linux' },
             },
             {
-              os: { name: 'Windows' },
+              os: { name: 'Macos' },
             },
             {
               os: { name: 'Windows' },
@@ -336,7 +335,7 @@ export default ({ getService }: FtrProviderContext) => {
               os: { type: 'linux' },
             },
             {
-              os: { type: 'windows' },
+              os: { type: 'macos' },
             },
             {
               os: { type: 'windows' },
@@ -372,7 +371,7 @@ export default ({ getService }: FtrProviderContext) => {
               os: { type: 'linux' },
             },
             {
-              os: { type: 'windows' },
+              os: { type: 'macos' },
             },
             {
               os: { type: 'windows' },
@@ -501,10 +500,10 @@ export default ({ getService }: FtrProviderContext) => {
               os: { name: 'Linux' },
             },
             {
-              os: { name: 'Windows' },
+              os: { type: 'macos' },
             },
             {
-              os: { type: 'windows' },
+              os: { name: 'Macos' },
             },
             {
               os: { type: 'windows' },
@@ -546,10 +545,10 @@ export default ({ getService }: FtrProviderContext) => {
               os: { name: 'Linux' },
             },
             {
-              os: { name: 'Windows' },
+              os: { type: 'macos' },
             },
             {
-              os: { type: 'windows' },
+              os: { name: 'Macos' },
             },
             {
               os: { type: 'windows' },
@@ -876,7 +875,7 @@ export default ({ getService }: FtrProviderContext) => {
             os: { type: 'linux' },
           },
           {
-            os: { type: 'windows' },
+            os: { type: 'macos' },
           },
           {
             os: { type: 'windows' },

x-pack/test/detection_engine_api_integration/security_and_spaces/tests/exception_operators_data_types/ip_array.ts

@@ -508,6 +508,7 @@ export default ({ getService }: FtrProviderContext) => {
           ],
         ]);
         await waitForRuleSuccessOrStatus(supertest, id);
+        await waitForSignalsToBePresent(supertest, 1, [id]);
         const signalsOpen = await getSignalsById(supertest, id);
         const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
         expect(ips.flat(Number.MAX_SAFE_INTEGER)).to.eql([]);

x-pack/test/detection_engine_api_integration/security_and_spaces/tests/exception_operators_data_types/text.ts

@@ -426,9 +426,7 @@ export default ({ getService }: FtrProviderContext) => {
         expect(hits).to.eql(['word four']);
       });
 
-      // This test is unreliable due to a race condition... we don't know if the rule ran and
-      // generated 0 signals, or if the index hasn't refreshed yet.
-      it.skip('should filter 4 text if all are set as exceptions', async () => {
+      it('should filter 4 text if all are set as exceptions', async () => {
         const rule = getRuleForSignalTesting(['text']);
         const { id } = await createRuleWithExceptionEntries(supertest, rule, [
           [
@@ -448,9 +446,7 @@ export default ({ getService }: FtrProviderContext) => {
     });
 
     describe('"is not one of" operator', () => {
-      // This test is unreliable due to a race condition... we don't know if the rule ran and
-      // generated 0 signals, or if the index hasn't refreshed yet.
-      it.skip('will return 0 results if it cannot find what it is excluding', async () => {
+      it('will return 0 results if it cannot find what it is excluding', async () => {
         const rule = getRuleForSignalTesting(['text']);
         const { id } = await createRuleWithExceptionEntries(supertest, rule, [
           [
@@ -489,9 +485,7 @@ export default ({ getService }: FtrProviderContext) => {
     });
 
     describe('"exists" operator', () => {
-      // This test is unreliable due to a race condition... we don't know if the rule ran and
-      // generated 0 signals, or if the index hasn't refreshed yet.
-      it.skip('will return 0 results if matching against text', async () => {
+      it('will return 0 results if matching against text', async () => {
         const rule = getRuleForSignalTesting(['text']);
         const { id } = await createRuleWithExceptionEntries(supertest, rule, [
           [
@@ -577,7 +571,7 @@ export default ({ getService }: FtrProviderContext) => {
           expect(hits).to.eql(['four', 'two']);
         });
 
-        it.skip('will return 0 results if we have a list that includes all text', async () => {
+        it('will return 0 results if we have a list that includes all text', async () => {
           await importTextFile(
             supertest,
             'text',

x-pack/test/detection_engine_api_integration/security_and_spaces/tests/exception_operators_data_types/text_array.ts

@@ -337,6 +337,7 @@ export default ({ getService }: FtrProviderContext) => {
           ],
         ]);
         await waitForRuleSuccessOrStatus(supertest, id);
+        await waitForSignalsToBePresent(supertest, 1, [id]);
         const signalsOpen = await getSignalsById(supertest, id);
         const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
         expect(hits.flat(Number.MAX_SAFE_INTEGER)).to.eql([]);
@@ -515,6 +516,7 @@ export default ({ getService }: FtrProviderContext) => {
           ],
         ]);
         await waitForRuleSuccessOrStatus(supertest, id);
+        await waitForSignalsToBePresent(supertest, 1, [id]);
         const signalsOpen = await getSignalsById(supertest, id);
         const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
         expect(hits.flat(Number.MAX_SAFE_INTEGER)).to.eql([]);