From b4de7c5f70b1a4dac136428e9b57dac9518e2433 Mon Sep 17 00:00:00 2001
From: Maxim Palenov <maxim.palenov@elastic.co>
Date: Mon, 9 Dec 2024 08:23:29 +0100
Subject: [PATCH] fix threat match rules upgrade

---
 .../api/perform_rule_upgrade/diffable_rule_fields_mappings.ts  | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/perform_rule_upgrade/diffable_rule_fields_mappings.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/perform_rule_upgrade/diffable_rule_fields_mappings.ts
index 7caa0469eebeb..72ffd42dbd085 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/perform_rule_upgrade/diffable_rule_fields_mappings.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/perform_rule_upgrade/diffable_rule_fields_mappings.ts
@@ -132,6 +132,9 @@ const SUBFIELD_MAPPING: Record<string, string> = {
   tiebreaker_field: 'tiebreaker_field',
   timestamp_field: 'timestamp_field',
   building_block_type: 'type',
+  threat_query: 'query',
+  threat_language: 'language',
+  threat_filters: 'filters',
   rule_name_override: 'field_name',
   timestamp_override: 'field_name',
   timestamp_override_fallback_disabled: 'fallback_disabled',