Remove legacy signals fields from new RAC alerts
marshallmain committed Oct 27, 2021
1 parent 5271010 commit b47668e
Showing 2 changed files with 5 additions and 3 deletions.
Expand Up @@ -37,6 +37,7 @@ import { bulkCreateFactory, wrapHitsFactory, wrapSequencesFactory } from './fact
import { RuleExecutionLogClient, truncateMessageList } from '../rule_execution_log';
import { RuleExecutionStatus } from '../../../../common/detection_engine/schemas/common/schemas';
import { scheduleThrottledNotificationActions } from '../notifications/schedule_throttle_notification_actions';
import aadFieldConversion from '../routes/index/signal_aad_mapping.json';

/* eslint-disable complexity */
export const createSecurityRuleTypeWrapper: CreateSecurityRuleTypeWrapper =
Expand Down Expand Up @@ -225,16 +226,17 @@ export const createSecurityRuleTypeWrapper: CreateSecurityRuleTypeWrapper =
refresh
);

const legacySignalFields: string[] = Object.keys(aadFieldConversion);
const wrapHits = wrapHitsFactory({
ignoreFields,
ignoreFields: [...ignoreFields, ...legacySignalFields],
mergeStrategy,
completeRule,
spaceId,
});

const wrapSequences = wrapSequencesFactory({
logger,
ignoreFields,
ignoreFields: [...ignoreFields, ...legacySignalFields],
mergeStrategy,
completeRule,
spaceId,
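Review bot: The new `legacySignalFields` list is rebuilt from the keys of `signal_aad_mapping.json` on every rule execution, and it is merged into `ignoreFields` for both `wrapHitsFactory` and `wrapSequencesFactory` with no comment saying why those fields are dropped from the alert. The list is static, so it could be hoisted to module scope next to the import as `const LEGACY_SIGNAL_FIELDS = Object.keys(aadFieldConversion);`, with a comment such as `// legacy signal fields from source documents are stripped so new RAC alerts do not carry them`. If a rule can run over an index that already holds legacy signals, confirm that stripping these keys does not remove ancestry or original-event data that triage depends on; the hunk does not show this. The enclosing executor starts and ends outside the hunk.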
Expand Up @@ -52,5 +52,5 @@ export const wrapHitsFactory =
};
});

return filterDuplicateSignals(completeRule.alertId, wrappedDocs, false);
return filterDuplicateSignals(completeRule.alertId, wrappedDocs, true);
};
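Review bot: The bare `true` now passed as the third argument of `filterDuplicateSignals` on the return line does not say what the flag selects, and its definition is not on this page. Since this flag appears to control how duplicates are detected, a wrong value could let duplicate alerts through or drop legitimate ones, so the call site should carry a comment, for example `// third argument: wrappedDocs are in the RAC alert format (confirm against filterDuplicateSignals)`. A test that wraps the same hit twice and expects one alert would pin the new behaviour. The body of `wrapHitsFactory` begins outside the hunk.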
