Fix tests

x-pack/test/detection_engine_api_integration/security_and_spaces/group6/alerts/alerts_compatibility.ts

@@ -20,7 +20,6 @@ import {
   ThreatMatchRuleCreateProps,
   ThresholdRuleCreateProps,
 } from '@kbn/security-solution-plugin/common/detection_engine/rule_schema';
-import { ALERT_START } from '@kbn/rule-data-utils';
 import {
   createRule,
   createSignalsIndex,
@@ -39,6 +38,7 @@ import {
   waitForSignalsToBePresent,
 } from '../../../utils';
 import { FtrProviderContext } from '../../../common/ftr_provider_context';
+import { removeRandomValuedProperties } from '../../rule_execution_logic/utils';
 
 // eslint-disable-next-line import/no-default-export
 export default ({ getService }: FtrProviderContext) => {
@@ -231,23 +231,13 @@ export default ({ getService }: FtrProviderContext) => {
         expect(signalsOpen.hits.hits.length).greaterThan(0);
         const hit = signalsOpen.hits.hits[0];
         expect(hit._source?.kibana).to.eql(undefined);
-        const {
-          '@timestamp': timestamp,
-          'kibana.version': kibanaVersion,
-          'kibana.alert.rule.created_at': createdAt,
-          'kibana.alert.rule.updated_at': updatedAt,
-          'kibana.alert.rule.execution.uuid': executionUuid,
-          'kibana.alert.uuid': alertId,
-          [ALERT_START]: alertStart,
-          ...source
-        } = hit._source!;
+        const source = removeRandomValuedProperties(hit._source);
         expect(source).to.eql({
           'kibana.alert.rule.category': 'Custom Query Rule',
           'kibana.alert.rule.consumer': 'siem',
           'kibana.alert.rule.name': 'Signal Testing Query',
           'kibana.alert.rule.producer': 'siem',
           'kibana.alert.rule.rule_type_id': 'siem.queryRule',
-          'kibana.alert.rule.uuid': id,
           'kibana.space_ids': ['default'],
           'kibana.alert.rule.tags': [],
           agent: {
@@ -401,23 +391,13 @@ export default ({ getService }: FtrProviderContext) => {
         expect(signalsOpen.hits.hits.length).greaterThan(0);
         const hit = signalsOpen.hits.hits[0];
         expect(hit._source?.kibana).to.eql(undefined);
-        const {
-          '@timestamp': timestamp,
-          'kibana.version': kibanaVersion,
-          'kibana.alert.rule.created_at': createdAt,
-          'kibana.alert.rule.updated_at': updatedAt,
-          'kibana.alert.rule.execution.uuid': executionUuid,
-          'kibana.alert.uuid': alertId,
-          [ALERT_START]: alertStart,
-          ...source
-        } = hit._source!;
+        const source = removeRandomValuedProperties(hit._source);
         expect(source).to.eql({
           'kibana.alert.rule.category': 'Custom Query Rule',
           'kibana.alert.rule.consumer': 'siem',
           'kibana.alert.rule.name': 'Signal Testing Query',
           'kibana.alert.rule.producer': 'siem',
           'kibana.alert.rule.rule_type_id': 'siem.queryRule',
-          'kibana.alert.rule.uuid': id,
           'kibana.space_ids': ['default'],
           'kibana.alert.rule.tags': [],
           agent: {

x-pack/test/detection_engine_api_integration/security_and_spaces/rule_execution_logic/new_terms.ts

@@ -10,12 +10,10 @@ import expect from '@kbn/expect';
 import { NewTermsRuleCreateProps } from '@kbn/security-solution-plugin/common/detection_engine/rule_schema';
 import { orderBy } from 'lodash';
 import { getCreateNewTermsRulesSchemaMock } from '@kbn/security-solution-plugin/common/detection_engine/rule_schema/mocks';
-import { DetectionAlert } from '@kbn/security-solution-plugin/common/detection_engine/schemas/alerts';
 import {
   getNewTermsRuntimeMappings,
   AGG_FIELD_NAME,
 } from '@kbn/security-solution-plugin/server/lib/detection_engine/rule_types/new_terms/utils';
-import { ALERT_START } from '@kbn/rule-data-utils';
 import {
   createRule,
   deleteAllAlerts,
@@ -30,24 +28,7 @@ import { previewRuleWithExceptionEntries } from '../../utils/preview_rule_with_e
 import { deleteAllExceptions } from '../../../lists_api_integration/utils';
 
 import { largeArraysBuckets } from './mocks/new_terms';
-
-const removeRandomValuedProperties = (alert: DetectionAlert | undefined) => {
-  if (!alert) {
-    return undefined;
-  }
-  const {
-    'kibana.version': version,
-    'kibana.alert.rule.execution.uuid': execUuid,
-    'kibana.alert.rule.uuid': uuid,
-    '@timestamp': timestamp,
-    'kibana.alert.rule.created_at': createdAt,
-    'kibana.alert.rule.updated_at': updatedAt,
-    'kibana.alert.uuid': alertUuid,
-    [ALERT_START]: alertStart,
-    ...restOfAlert
-  } = alert;
-  return restOfAlert;
-};
+import { removeRandomValuedProperties } from './utils';
 
 // eslint-disable-next-line import/no-default-export
 export default ({ getService }: FtrProviderContext) => {

x-pack/test/detection_engine_api_integration/security_and_spaces/rule_execution_logic/utils.ts

@@ -0,0 +1,28 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { DetectionAlert } from '@kbn/security-solution-plugin/common/detection_engine/schemas/alerts';
+import { ALERT_LAST_DETECTED, ALERT_START } from '@kbn/rule-data-utils';
+
+export const removeRandomValuedProperties = (alert: DetectionAlert | undefined) => {
+  if (!alert) {
+    return undefined;
+  }
+  const {
+    'kibana.version': version,
+    'kibana.alert.rule.execution.uuid': execUuid,
+    'kibana.alert.rule.uuid': uuid,
+    '@timestamp': timestamp,
+    'kibana.alert.rule.created_at': createdAt,
+    'kibana.alert.rule.updated_at': updatedAt,
+    'kibana.alert.uuid': alertUuid,
+    [ALERT_START]: alertStart,
+    [ALERT_LAST_DETECTED]: lastDetected,
+    ...restOfAlert
+  } = alert;
+  return restOfAlert;
+};