Merge branch 'main' into security-solution-fix-skipped-test-143718

elastic · Oct 24, 2022 · d4d62d5 · d4d62d5
2 parents 3b2c01f + 21c7f5e
commit d4d62d5
Show file tree

Hide file tree

Showing 31 changed files with 3,542 additions and 3,500 deletions.
diff --git a/.buildkite/ftr_configs.yml b/.buildkite/ftr_configs.yml
@@ -142,6 +142,7 @@ enabled:
   - x-pack/test/detection_engine_api_integration/security_and_spaces/group8/config.ts
   - x-pack/test/detection_engine_api_integration/security_and_spaces/group9/config.ts
   - x-pack/test/detection_engine_api_integration/security_and_spaces/group10/config.ts
+  - x-pack/test/detection_engine_api_integration/security_and_spaces/rule_execution_logic/config.ts
   - x-pack/test/encrypted_saved_objects_api_integration/config.ts
   - x-pack/test/endpoint_api_integration_no_ingest/config.ts
   - x-pack/test/examples/config.ts

diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/threshold.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/threshold.ts
@@ -92,7 +92,7 @@ export const thresholdExecutor = async ({
       : await getThresholdSignalHistory({
           from: tuple.from.toISOString(),
           to: tuple.to.toISOString(),
-          ruleId: ruleParams.ruleId,
+          frameworkRuleId: completeRule.alertId,
           bucketByFields: ruleParams.threshold.field,
           ruleDataReader,
         });

diff --git a/...etection_engine/signals/threshold/__snapshots__/get_threshold_signal_history.test.ts.snap b/...etection_engine/signals/threshold/__snapshots__/get_threshold_signal_history.test.ts.snap
diff --git a/...lution/server/lib/detection_engine/signals/threshold/get_threshold_signal_history.test.ts b/...lution/server/lib/detection_engine/signals/threshold/get_threshold_signal_history.test.ts
@@ -12,21 +12,21 @@ describe('buildPreviousThresholdAlertRequest', () => {
     const bucketByFields: string[] = [];
     const to = 'now';
     const from = 'now-6m';
-    const ruleId = 'threshold-rule';
+    const frameworkRuleId = 'threshold-rule';
 
     expect(
-      buildPreviousThresholdAlertRequest({ from, to, ruleId, bucketByFields })
+      buildPreviousThresholdAlertRequest({ from, to, frameworkRuleId, bucketByFields })
     ).toMatchSnapshot();
   });
 
   it('should generate a proper request when bucketByFields contains multiple fields', async () => {
     const bucketByFields: string[] = ['host.name', 'user.name'];
     const to = 'now';
     const from = 'now-6m';
-    const ruleId = 'threshold-rule';
+    const frameworkRuleId = 'threshold-rule';
 
     expect(
-      buildPreviousThresholdAlertRequest({ from, to, ruleId, bucketByFields })
+      buildPreviousThresholdAlertRequest({ from, to, frameworkRuleId, bucketByFields })
     ).toMatchSnapshot();
   });
 });
diff --git a/...ty_solution/server/lib/detection_engine/signals/threshold/get_threshold_signal_history.ts b/...ty_solution/server/lib/detection_engine/signals/threshold/get_threshold_signal_history.ts
@@ -7,22 +7,23 @@
 
 import type * as estypes from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
 import type { IRuleDataReader } from '@kbn/rule-registry-plugin/server';
+import { ALERT_RULE_UUID } from '@kbn/rule-data-utils';
 import type { ThresholdSignalHistory } from '../types';
 import { buildThresholdSignalHistory } from './build_signal_history';
 import { createErrorsFromShard } from '../utils';
 
 interface GetThresholdSignalHistoryParams {
   from: string;
   to: string;
-  ruleId: string;
+  frameworkRuleId: string;
   bucketByFields: string[];
   ruleDataReader: IRuleDataReader;
 }
 
 export const getThresholdSignalHistory = async ({
   from,
   to,
-  ruleId,
+  frameworkRuleId,
   bucketByFields,
   ruleDataReader,
 }: GetThresholdSignalHistoryParams): Promise<{
@@ -32,7 +33,7 @@ export const getThresholdSignalHistory = async ({
   const request = buildPreviousThresholdAlertRequest({
     from,
     to,
-    ruleId,
+    frameworkRuleId,
     bucketByFields,
   });
 
@@ -48,12 +49,12 @@ export const getThresholdSignalHistory = async ({
 export const buildPreviousThresholdAlertRequest = ({
   from,
   to,
-  ruleId,
+  frameworkRuleId,
   bucketByFields,
 }: {
   from: string;
   to: string;
-  ruleId: string;
+  frameworkRuleId: string;
   bucketByFields: string[];
 }): estypes.SearchRequest => {
   return {
@@ -80,7 +81,7 @@ export const buildPreviousThresholdAlertRequest = ({
             },
             {
               term: {
-                'signal.rule.rule_id': ruleId,
+                [ALERT_RULE_UUID]: frameworkRuleId,
               },
             },
             // We might find a signal that was generated on the interval for old data... make sure to exclude those.

diff --git a/x-pack/test/detection_engine_api_integration/common/config.ts b/x-pack/test/detection_engine_api_integration/common/config.ts
@@ -77,6 +77,7 @@ export function createTestConfig(options: CreateTestConfigOptions, testFiles?: s
           `--xpack.securitySolution.enableExperimental=${JSON.stringify([
             'previewTelemetryUrlEnabled',
           ])}`,
+          '--xpack.task_manager.poll_interval=1000',
           ...(ssl
             ? [
                 `--elasticsearch.hosts=${servers.elasticsearch.protocol}://${servers.elasticsearch.hostname}:${servers.elasticsearch.port}`,