[SIEM] Fix patching of ML Rules (#60830)

* Allow ML Rules to be patched * Test passing of params from our patch routes to our helpers Since patchRules accepts a partial there's no way to verify this in typescript, we need regression tests instead. * Update lists when importing with overwrite This was simply missed earlier. Co-authored-by: Elastic Machine <[email protected]>
elastic · Mar 21, 2020 · 9e91146 · 9e91146
1 parent 9de2d81
commit 9e91146
Show file tree

Hide file tree

Showing 5 changed files with 59 additions and 0 deletions.
diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/import_rules_route.ts b/x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/import_rules_route.ts
@@ -234,6 +234,7 @@ export const importRulesRoute = (router: IRouter, config: LegacyServices['config
                         references,
                         note,
                         version,
+                        lists,
                         anomalyThreshold,
                         machineLearningJobId,
                       });

diff --git a/...gacy/plugins/siem/server/lib/detection_engine/routes/rules/patch_rules_bulk_route.test.ts b/...gacy/plugins/siem/server/lib/detection_engine/routes/rules/patch_rules_bulk_route.test.ts
@@ -56,6 +56,32 @@ describe('patch_rules_bulk', () => {
       ]);
     });
 
+    test('allows ML Params to be patched', async () => {
+      const request = requestMock.create({
+        method: 'patch',
+        path: `${DETECTION_ENGINE_RULES_URL}/bulk_update`,
+        body: [
+          {
+            rule_id: 'my-rule-id',
+            anomaly_threshold: 4,
+            machine_learning_job_id: 'some_job_id',
+          },
+        ],
+      });
+      await server.inject(request, context);
+
+      expect(clients.alertsClient.update).toHaveBeenCalledWith(
+        expect.objectContaining({
+          data: expect.objectContaining({
+            params: expect.objectContaining({
+              anomalyThreshold: 4,
+              machineLearningJobId: 'some_job_id',
+            }),
+          }),
+        })
+      );
+    });
+
     test('returns 404 if alertClient is not available on the route', async () => {
       context.alerting!.getAlertsClient = jest.fn();
       const response = await server.inject(getPatchBulkRequest(), context);

diff --git a/...ck/legacy/plugins/siem/server/lib/detection_engine/routes/rules/patch_rules_bulk_route.ts b/...ck/legacy/plugins/siem/server/lib/detection_engine/routes/rules/patch_rules_bulk_route.ts
@@ -75,6 +75,8 @@ export const patchRulesBulkRoute = (router: IRouter) => {
             references,
             note,
             version,
+            anomaly_threshold: anomalyThreshold,
+            machine_learning_job_id: machineLearningJobId,
           } = payloadRule;
           const idOrRuleIdOrUnknown = id ?? ruleId ?? '(unknown id)';
           try {
@@ -111,6 +113,8 @@ export const patchRulesBulkRoute = (router: IRouter) => {
               references,
               note,
               version,
+              anomalyThreshold,
+              machineLearningJobId,
             });
             if (rule != null) {
               const ruleStatuses = await savedObjectsClient.find<

diff --git a/...ck/legacy/plugins/siem/server/lib/detection_engine/routes/rules/patch_rules_route.test.ts b/...ck/legacy/plugins/siem/server/lib/detection_engine/routes/rules/patch_rules_route.test.ts
@@ -85,6 +85,30 @@ describe('patch_rules', () => {
         status_code: 500,
       });
     });
+
+    test('allows ML Params to be patched', async () => {
+      const request = requestMock.create({
+        method: 'patch',
+        path: DETECTION_ENGINE_RULES_URL,
+        body: {
+          rule_id: 'my-rule-id',
+          anomaly_threshold: 4,
+          machine_learning_job_id: 'some_job_id',
+        },
+      });
+      await server.inject(request, context);
+
+      expect(clients.alertsClient.update).toHaveBeenCalledWith(
+        expect.objectContaining({
+          data: expect.objectContaining({
+            params: expect.objectContaining({
+              anomalyThreshold: 4,
+              machineLearningJobId: 'some_job_id',
+            }),
+          }),
+        })
+      );
+    });
   });
 
   describe('request validation', () => {

diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/patch_rules_route.ts b/x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/patch_rules_route.ts
@@ -59,6 +59,8 @@ export const patchRulesRoute = (router: IRouter) => {
         references,
         note,
         version,
+        anomaly_threshold: anomalyThreshold,
+        machine_learning_job_id: machineLearningJobId,
       } = request.body;
       const siemResponse = buildSiemResponse(response);
 
@@ -108,6 +110,8 @@ export const patchRulesRoute = (router: IRouter) => {
           references,
           note,
           version,
+          anomalyThreshold,
+          machineLearningJobId,
         });
         if (rule != null) {
           const ruleStatuses = await savedObjectsClient.find<