Fix tests

elastic · Nov 3, 2021 · 60b7c43 · 60b7c43
1 parent 4184850
commit 60b7c43
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 8 deletions.
diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.tsx b/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.tsx
@@ -288,7 +288,7 @@ export const isEqlRuleWithGroupId = (ecsData: Ecs) => {
 
 export const isThresholdRule = (ecsData: Ecs) => {
   const ruleType = getField(ecsData, ALERT_RULE_TYPE);
-  return ruleType.length && ruleType[0] === 'threshold';
+  return Array.isArray(ruleType) && ruleType.length && ruleType[0] === 'threshold';
 };
 
 export const buildAlertsKqlFilter = (
@@ -411,10 +411,11 @@ export const sendAlertToTimelineAction = async ({
    */
   const ecsData: Ecs = Array.isArray(ecs) && ecs.length > 0 ? ecs[0] : (ecs as Ecs);
   const alertIds = Array.isArray(ecs) ? ecs.map((d) => d._id) : [];
-  const ruleNote = getField(ecsData, ALERT_RULE_NOTE)[0];
-  const noteContent = ruleNote ?? '';
-  const ruleTimelineId = getField(ecsData, ALERT_RULE_TIMELINE_ID)[0];
-  const timelineId = ruleTimelineId ?? '';
+  const ruleNote = getField(ecsData, ALERT_RULE_NOTE);
+  const noteContent = Array.isArray(ruleNote) && ruleNote.length > 0 ? ruleNote[0] : '';
+  const ruleTimelineId = getField(ecsData, ALERT_RULE_TIMELINE_ID);
+  const timelineId =
+    Array.isArray(ruleTimelineId) && ruleTimelineId.length > 0 ? ruleTimelineId[0] : '';
   const { to, from } = determineToAndFrom({ ecs });
 
   // For now we do not want to populate the template timeline if we have alertIds

diff --git a/x-pack/plugins/security_solution/public/helpers.tsx b/x-pack/plugins/security_solution/public/helpers.tsx
@@ -211,7 +211,11 @@ export const RedirectRoute = React.memo<{ capabilities: Capabilities }>(({ capab
 });
 RedirectRoute.displayName = 'RedirectRoute';
 
-const racFieldMappings: Record<string, string> = {
+const siemSignalsFieldMappings: Record<string, string> = {
+  [ALERT_RULE_UUID]: 'signal.rule.id',
+};
+
+const alertFieldMappings: Record<string, string> = {
   'signal.rule.id': ALERT_RULE_UUID,
 };
 
@@ -223,6 +227,10 @@ const racFieldMappings: Record<string, string> = {
  * (signal.*), whichever is present. For backwards compatibility.
  */
 export const getField = (ecsData: Ecs, field: string) => {
-  const aadField = (racFieldMappings[field] ?? field).replace('signal', 'kibana.alert');
-  return get(aadField, ecsData) ?? get(field, ecsData);
+  const aadField = (alertFieldMappings[field] ?? field).replace('signal', 'kibana.alert');
+  const siemSignalsField = (siemSignalsFieldMappings[field] ?? field).replace(
+    'kibana.alert',
+    'signal'
+  );
+  return get(aadField, ecsData) ?? get(siemSignalsField, ecsData);
 };