diff --git a/x-pack/plugins/security_solution/common/detection_engine/parse_schedule_dates.ts b/x-pack/plugins/security_solution/common/detection_engine/parse_schedule_dates.ts new file mode 100644 index 0000000000000..b21cd84684fbc --- /dev/null +++ b/x-pack/plugins/security_solution/common/detection_engine/parse_schedule_dates.ts @@ -0,0 +1,20 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import moment from 'moment'; +import dateMath from '@elastic/datemath'; + +export const parseScheduleDates = (time: string): moment.Moment | null => { + const isValidDateString = !isNaN(Date.parse(time)); + const isValidInput = isValidDateString || time.trim().startsWith('now'); + const formattedDate = isValidDateString + ? moment(time) + : isValidInput + ? dateMath.parse(time) + : null; + + return formattedDate ?? null; +}; diff --git a/x-pack/plugins/security_solution/common/detection_engine/schemas/common/schemas.ts b/x-pack/plugins/security_solution/common/detection_engine/schemas/common/schemas.ts index 64f2f223a3073..a9f39d2db6080 100644 --- a/x-pack/plugins/security_solution/common/detection_engine/schemas/common/schemas.ts +++ b/x-pack/plugins/security_solution/common/detection_engine/schemas/common/schemas.ts @@ -14,7 +14,7 @@ import { UUID } from '../types/uuid'; import { IsoDateString } from '../types/iso_date_string'; import { PositiveIntegerGreaterThanZero } from '../types/positive_integer_greater_than_zero'; import { PositiveInteger } from '../types/positive_integer'; -import { parseScheduleDates } from '../../utils'; +import { parseScheduleDates } from '../../parse_schedule_dates'; export const author = t.array(t.string); export type Author = t.TypeOf; diff --git a/x-pack/plugins/security_solution/common/detection_engine/types.ts b/x-pack/plugins/security_solution/common/detection_engine/types.ts index 7c752bca49dbd..e7aab2fa5d219 100644 --- a/x-pack/plugins/security_solution/common/detection_engine/types.ts +++ b/x-pack/plugins/security_solution/common/detection_engine/types.ts @@ -3,18 +3,8 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -import * as t from 'io-ts'; - import { AlertAction } from '../../../alerts/common'; export type RuleAlertAction = Omit & { action_type_id: string; }; - -export const RuleTypeSchema = t.keyof({ - query: null, - saved_query: null, - machine_learning: null, - threshold: null, -}); -export type RuleType = t.TypeOf; diff --git a/x-pack/plugins/security_solution/common/detection_engine/utils.ts b/x-pack/plugins/security_solution/common/detection_engine/utils.ts index a70258c2684b6..a72d641fbaf78 100644 --- a/x-pack/plugins/security_solution/common/detection_engine/utils.ts +++ b/x-pack/plugins/security_solution/common/detection_engine/utils.ts @@ -4,11 +4,8 @@ * you may not use this file except in compliance with the Elastic License. */ -import moment from 'moment'; -import dateMath from '@elastic/datemath'; - import { EntriesArray } from '../shared_imports'; -import { RuleType } from './types'; +import { Type } from './schemas/common/schemas'; export const hasLargeValueList = (entries: EntriesArray): boolean => { const found = entries.filter(({ type }) => type === 'list'); @@ -20,16 +17,4 @@ export const hasNestedEntry = (entries: EntriesArray): boolean => { return found.length > 0; }; -export const isThresholdRule = (ruleType: RuleType) => ruleType === 'threshold'; - -export const parseScheduleDates = (time: string): moment.Moment | null => { - const isValidDateString = !isNaN(Date.parse(time)); - const isValidInput = isValidDateString || time.trim().startsWith('now'); - const formattedDate = isValidDateString - ? moment(time) - : isValidInput - ? dateMath.parse(time) - : null; - - return formattedDate ?? null; -}; +export const isThresholdRule = (ruleType: Type) => ruleType === 'threshold'; diff --git a/x-pack/plugins/security_solution/common/machine_learning/helpers.ts b/x-pack/plugins/security_solution/common/machine_learning/helpers.ts index fe3eb79a6f610..73dc30f238c7e 100644 --- a/x-pack/plugins/security_solution/common/machine_learning/helpers.ts +++ b/x-pack/plugins/security_solution/common/machine_learning/helpers.ts @@ -4,7 +4,7 @@ * you may not use this file except in compliance with the Elastic License. */ -import { RuleType } from '../detection_engine/types'; +import { Type } from '../detection_engine/schemas/common/schemas'; // Based on ML Job/Datafeed States from x-pack/legacy/plugins/ml/common/constants/states.js const enabledStates = ['started', 'opened']; @@ -23,4 +23,4 @@ export const isJobFailed = (jobState: string, datafeedState: string): boolean => return failureStates.includes(jobState) || failureStates.includes(datafeedState); }; -export const isMlRule = (ruleType: RuleType) => ruleType === 'machine_learning'; +export const isMlRule = (ruleType: Type) => ruleType === 'machine_learning'; diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/alert_context_menu.tsx b/x-pack/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/alert_context_menu.tsx index 589116c901c30..216ed0cbe264d 100644 --- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/alert_context_menu.tsx +++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/alert_context_menu.tsx @@ -17,9 +17,8 @@ import styled from 'styled-components'; import { TimelineId } from '../../../../../common/types/timeline'; import { DEFAULT_INDEX_PATTERN } from '../../../../../common/constants'; -import { Status } from '../../../../../common/detection_engine/schemas/common/schemas'; +import { Status, Type } from '../../../../../common/detection_engine/schemas/common/schemas'; import { isThresholdRule } from '../../../../../common/detection_engine/utils'; -import { RuleType } from '../../../../../common/detection_engine/types'; import { isMlRule } from '../../../../../common/machine_learning/helpers'; import { timelineActions } from '../../../../timelines/store/timeline'; import { EventsTd, EventsTdContent } from '../../../../timelines/components/timeline/styles'; @@ -409,7 +408,7 @@ const AlertContextMenuComponent: React.FC = ({ data: nonEcsRowData, fieldName: 'signal.rule.type', }); - const [ruleType] = ruleTypes as RuleType[]; + const [ruleType] = ruleTypes as Type[]; return !isMlRule(ruleType) && !isThresholdRule(ruleType); }, [nonEcsRowData]); diff --git a/x-pack/plugins/security_solution/public/detections/components/rules/description_step/helpers.tsx b/x-pack/plugins/security_solution/public/detections/components/rules/description_step/helpers.tsx index 3a0a5b04c5874..680ca78fc222e 100644 --- a/x-pack/plugins/security_solution/public/detections/components/rules/description_step/helpers.tsx +++ b/x-pack/plugins/security_solution/public/detections/components/rules/description_step/helpers.tsx @@ -24,8 +24,7 @@ import styled from 'styled-components'; import { assertUnreachable } from '../../../../../common/utility_types'; import * as i18nSeverity from '../severity_mapping/translations'; import * as i18nRiskScore from '../risk_score_mapping/translations'; -import { Threshold } from '../../../../../common/detection_engine/schemas/common/schemas'; -import { RuleType } from '../../../../../common/detection_engine/types'; +import { Threshold, Type } from '../../../../../common/detection_engine/schemas/common/schemas'; import { esFilters } from '../../../../../../../../src/plugins/data/public'; import { tacticsOptions, techniquesOptions } from '../../../mitre/mitre_tactics_techniques'; @@ -357,7 +356,7 @@ export const buildNoteDescription = (label: string, note: string): ListItems[] = return []; }; -export const buildRuleTypeDescription = (label: string, ruleType: RuleType): ListItems[] => { +export const buildRuleTypeDescription = (label: string, ruleType: Type): ListItems[] => { switch (ruleType) { case 'machine_learning': { return [ diff --git a/x-pack/plugins/security_solution/public/detections/components/rules/description_step/index.tsx b/x-pack/plugins/security_solution/public/detections/components/rules/description_step/index.tsx index 00141c9a453d8..cf27fa97b1479 100644 --- a/x-pack/plugins/security_solution/public/detections/components/rules/description_step/index.tsx +++ b/x-pack/plugins/security_solution/public/detections/components/rules/description_step/index.tsx @@ -9,7 +9,6 @@ import { isEmpty, chunk, get, pick, isNumber } from 'lodash/fp'; import React, { memo, useState } from 'react'; import styled from 'styled-components'; -import { RuleType } from '../../../../../common/detection_engine/types'; import { IIndexPattern, Filter, @@ -42,6 +41,7 @@ import { useSecurityJobs } from '../../../../common/components/ml_popover/hooks/ import { buildMlJobDescription } from './ml_job_description'; import { buildActionsDescription } from './actions_description'; import { buildThrottleDescription } from './throttle_description'; +import { Type } from '../../../../../common/detection_engine/schemas/common/schemas'; const DescriptionListContainer = styled(EuiDescriptionList)` &.euiDescriptionList--column .euiDescriptionList__title { @@ -211,7 +211,7 @@ export const getDescriptionItem = ( const val: string = get(field, data); return buildNoteDescription(label, val); } else if (field === 'ruleType') { - const ruleType: RuleType = get(field, data); + const ruleType: Type = get(field, data); return buildRuleTypeDescription(label, ruleType); } else if (field === 'kibanaSiemAppUrl') { return []; diff --git a/x-pack/plugins/security_solution/public/detections/components/rules/select_rule_type/index.tsx b/x-pack/plugins/security_solution/public/detections/components/rules/select_rule_type/index.tsx index c6ea269e1a355..6f5f3361d2b3e 100644 --- a/x-pack/plugins/security_solution/public/detections/components/rules/select_rule_type/index.tsx +++ b/x-pack/plugins/security_solution/public/detections/components/rules/select_rule_type/index.tsx @@ -9,11 +9,11 @@ import { EuiCard, EuiFlexGrid, EuiFlexItem, EuiFormRow, EuiIcon } from '@elastic import { isMlRule } from '../../../../../common/machine_learning/helpers'; import { isThresholdRule } from '../../../../../common/detection_engine/utils'; -import { RuleType } from '../../../../../common/detection_engine/types'; import { FieldHook } from '../../../../shared_imports'; import { useKibana } from '../../../../common/lib/kibana'; import * as i18n from './translations'; import { MlCardDescription } from './ml_card_description'; +import { Type } from '../../../../../common/detection_engine/schemas/common/schemas'; interface SelectRuleTypeProps { describedByIds?: string[]; @@ -30,9 +30,9 @@ export const SelectRuleType: React.FC = ({ hasValidLicense = false, isMlAdmin = false, }) => { - const ruleType = field.value as RuleType; + const ruleType = field.value as Type; const setType = useCallback( - (type: RuleType) => { + (type: Type) => { field.setValue(type); }, [field] diff --git a/x-pack/plugins/security_solution/public/detections/containers/detection_engine/rules/types.ts b/x-pack/plugins/security_solution/public/detections/containers/detection_engine/rules/types.ts index a5bbc0465ccc1..166bb90113aef 100644 --- a/x-pack/plugins/security_solution/public/detections/containers/detection_engine/rules/types.ts +++ b/x-pack/plugins/security_solution/public/detections/containers/detection_engine/rules/types.ts @@ -6,7 +6,6 @@ import * as t from 'io-ts'; -import { RuleTypeSchema } from '../../../../../common/detection_engine/types'; import { author, building_block_type, @@ -16,6 +15,7 @@ import { severity_mapping, timestamp_override, threshold, + type, } from '../../../../../common/detection_engine/schemas/common/schemas'; import { listArray, @@ -44,7 +44,7 @@ export const NewRuleSchema = t.intersection([ name: t.string, risk_score: t.number, severity: t.string, - type: RuleTypeSchema, + type, }), t.partial({ actions: t.array(action), @@ -117,7 +117,7 @@ export const RuleSchema = t.intersection([ severity: t.string, severity_mapping, tags: t.array(t.string), - type: RuleTypeSchema, + type, to: t.string, threat: t.array(t.unknown), updated_at: t.string, diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/create/helpers.ts b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/create/helpers.ts index 434a33ac37722..f4a40b771c9fa 100644 --- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/create/helpers.ts +++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/create/helpers.ts @@ -10,12 +10,12 @@ import deepmerge from 'deepmerge'; import { NOTIFICATION_THROTTLE_NO_ACTIONS } from '../../../../../../common/constants'; import { transformAlertToRuleAction } from '../../../../../../common/detection_engine/transform_actions'; -import { RuleType } from '../../../../../../common/detection_engine/types'; import { isMlRule } from '../../../../../../common/machine_learning/helpers'; import { isThresholdRule } from '../../../../../../common/detection_engine/utils'; import { List } from '../../../../../../common/detection_engine/schemas/types'; import { ENDPOINT_LIST_ID } from '../../../../../shared_imports'; import { NewRule, Rule } from '../../../../containers/detection_engine/rules'; +import { Type } from '../../../../../../common/detection_engine/schemas/common/schemas'; import { AboutStepRule, @@ -68,7 +68,7 @@ const isThresholdFields = ( fields: QueryRuleFields | MlRuleFields | ThresholdRuleFields ): fields is ThresholdRuleFields => has('threshold', fields); -export const filterRuleFieldsForType = (fields: T, type: RuleType) => { +export const filterRuleFieldsForType = (fields: T, type: Type) => { if (isMlRule(type)) { const { index, queryBar, threshold, ...mlRuleFields } = fields; return mlRuleFields; @@ -119,7 +119,7 @@ export const formatDefineStepData = (defineStepData: DefineStepRule): DefineStep query: ruleFields.queryBar?.query?.query as string, saved_id: ruleFields.queryBar?.saved_id, ...(ruleType === 'query' && - ruleFields.queryBar?.saved_id && { type: 'saved_query' as RuleType }), + ruleFields.queryBar?.saved_id && { type: 'saved_query' as Type }), }; return { diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/helpers.tsx b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/helpers.tsx index f9279ce639534..8178f5ae5ba1d 100644 --- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/helpers.tsx +++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/helpers.tsx @@ -10,7 +10,7 @@ import memoizeOne from 'memoize-one'; import { useLocation } from 'react-router-dom'; import { ActionVariable } from '../../../../../../triggers_actions_ui/public'; -import { RuleAlertAction, RuleType } from '../../../../../common/detection_engine/types'; +import { RuleAlertAction } from '../../../../../common/detection_engine/types'; import { isMlRule } from '../../../../../common/machine_learning/helpers'; import { transformRuleToAlertAction } from '../../../../../common/detection_engine/transform_actions'; import { Filter } from '../../../../../../../../src/plugins/data/public'; @@ -24,7 +24,10 @@ import { ScheduleStepRule, ActionsStepRule, } from './types'; -import { SeverityMapping } from '../../../../../common/detection_engine/schemas/common/schemas'; +import { + SeverityMapping, + Type, +} from '../../../../../common/detection_engine/schemas/common/schemas'; import { severityOptions } from '../../../components/rules/step_about_rule/data'; export interface GetStepsData { @@ -307,7 +310,7 @@ export const redirectToDetections = ( hasEncryptionKey === false || needsListsConfiguration; -const getRuleSpecificRuleParamKeys = (ruleType: RuleType) => { +const getRuleSpecificRuleParamKeys = (ruleType: Type) => { const queryRuleParams = ['index', 'filters', 'language', 'query', 'saved_id']; if (isMlRule(ruleType)) { @@ -321,7 +324,7 @@ const getRuleSpecificRuleParamKeys = (ruleType: RuleType) => { return queryRuleParams; }; -export const getActionMessageRuleParams = (ruleType: RuleType): string[] => { +export const getActionMessageRuleParams = (ruleType: Type): string[] => { const commonRuleParamsKeys = [ 'id', 'name', @@ -349,23 +352,21 @@ export const getActionMessageRuleParams = (ruleType: RuleType): string[] => { return ruleParamsKeys; }; -export const getActionMessageParams = memoizeOne( - (ruleType: RuleType | undefined): ActionVariable[] => { - if (!ruleType) { - return []; - } - const actionMessageRuleParams = getActionMessageRuleParams(ruleType); - - return [ - { name: 'state.signals_count', description: 'state.signals_count' }, - { name: '{context.results_link}', description: 'context.results_link' }, - ...actionMessageRuleParams.map((param) => { - const extendedParam = `context.rule.${param}`; - return { name: extendedParam, description: extendedParam }; - }), - ]; +export const getActionMessageParams = memoizeOne((ruleType: Type | undefined): ActionVariable[] => { + if (!ruleType) { + return []; } -); + const actionMessageRuleParams = getActionMessageRuleParams(ruleType); + + return [ + { name: 'state.signals_count', description: 'state.signals_count' }, + { name: '{context.results_link}', description: 'context.results_link' }, + ...actionMessageRuleParams.map((param) => { + const extendedParam = `context.rule.${param}`; + return { name: extendedParam, description: extendedParam }; + }), + ]; +}); // typed as null not undefined as the initial state for this value is null. export const userHasNoPermissions = (canUserCRUD: boolean | null): boolean => diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/types.ts b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/types.ts index e36f08703dae5..891af4b8ca80e 100644 --- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/types.ts +++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/types.ts @@ -4,7 +4,7 @@ * you may not use this file except in compliance with the Elastic License. */ -import { RuleAlertAction, RuleType } from '../../../../../common/detection_engine/types'; +import { RuleAlertAction } from '../../../../../common/detection_engine/types'; import { AlertAction } from '../../../../../../alerts/common'; import { Filter } from '../../../../../../../../src/plugins/data/common'; import { FormData, FormHook } from '../../../../shared_imports'; @@ -19,6 +19,7 @@ import { RuleNameOverride, SeverityMapping, TimestampOverride, + Type, } from '../../../../../common/detection_engine/schemas/common/schemas'; import { List } from '../../../../../common/detection_engine/schemas/types'; @@ -102,7 +103,7 @@ export interface DefineStepRule extends StepRuleData { index: string[]; machineLearningJobId: string; queryBar: FieldValueQueryBar; - ruleType: RuleType; + ruleType: Type; timeline: FieldValueTimeline; threshold: FieldValueThreshold; } @@ -134,7 +135,7 @@ export interface DefineStepRuleJson { }; timeline_id?: string; timeline_title?: string; - type: RuleType; + type: Type; } export interface AboutStepRuleJson { diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/rules_notification_alert_type.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/rules_notification_alert_type.ts index 0a899562d61c2..802b9472a4487 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/rules_notification_alert_type.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/rules_notification_alert_type.ts @@ -14,7 +14,7 @@ import { RuleAlertAttributes } from '../signals/types'; import { siemRuleActionGroups } from '../signals/siem_rule_action_groups'; import { scheduleNotificationActions } from './schedule_notification_actions'; import { getNotificationResultsLink } from './utils'; -import { parseScheduleDates } from '../../../../common/detection_engine/utils'; +import { parseScheduleDates } from '../../../../common/detection_engine/parse_schedule_dates'; export const rulesNotificationAlertType = ({ logger, diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.test.ts index a7213c30eb3fb..b8311182f3ca8 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.test.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.test.ts @@ -17,7 +17,7 @@ import { getExceptions, sortExceptionItems, } from './utils'; -import { parseScheduleDates } from '../../../../common/detection_engine/utils'; +import { parseScheduleDates } from '../../../../common/detection_engine/parse_schedule_dates'; import { RuleExecutorOptions } from './types'; import { searchAfterAndBulkCreate } from './search_after_bulk_create'; import { scheduleNotificationActions } from '../notifications/schedule_notification_actions'; @@ -38,6 +38,7 @@ jest.mock('../notifications/schedule_notification_actions'); jest.mock('./find_ml_signals'); jest.mock('./bulk_create_ml_signals'); jest.mock('./../../../../common/detection_engine/utils'); +jest.mock('../../../../common/detection_engine/parse_schedule_dates'); const getPayload = (ruleAlert: RuleAlertType, services: AlertServicesMock) => ({ alertId: ruleAlert.id, diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.ts index 9d688736a9846..da17d4a1f123a 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.ts @@ -14,7 +14,7 @@ import { SERVER_APP_ID, } from '../../../../common/constants'; import { isJobStarted, isMlRule } from '../../../../common/machine_learning/helpers'; -import { parseScheduleDates } from '../../../../common/detection_engine/utils'; +import { parseScheduleDates } from '../../../../common/detection_engine/parse_schedule_dates'; import { SetupPlugins } from '../../../plugin'; import { getInputIndex } from './get_input_output_index'; import { diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.test.ts index a2e2fec3309c3..d053a8e1089ad 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.test.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.test.ts @@ -13,7 +13,7 @@ import { buildRuleMessageFactory } from './rule_messages'; import { ExceptionListClient } from '../../../../../lists/server'; import { getListArrayMock } from '../../../../common/detection_engine/schemas/types/lists.mock'; import { getExceptionListItemSchemaMock } from '../../../../../lists/common/schemas/response/exception_list_item_schema.mock'; -import { parseScheduleDates } from '../../../../common/detection_engine/utils'; +import { parseScheduleDates } from '../../../../common/detection_engine/parse_schedule_dates'; import { generateId, diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.ts index 92cc9be69839f..dc09c6d5386fc 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.ts @@ -14,7 +14,8 @@ import { ExceptionListItemSchema } from '../../../../../lists/common/schemas'; import { ListArrayOrUndefined } from '../../../../common/detection_engine/schemas/types/lists'; import { BulkResponse, BulkResponseErrorAggregation, isValidUnit } from './types'; import { BuildRuleMessage } from './rule_messages'; -import { hasLargeValueList, parseScheduleDates } from '../../../../common/detection_engine/utils'; +import { parseScheduleDates } from '../../../../common/detection_engine/parse_schedule_dates'; +import { hasLargeValueList } from '../../../../common/detection_engine/utils'; import { MAX_EXCEPTION_LIST_SIZE } from '../../../../../lists/common/constants'; interface SortExceptionsReturn { diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/types.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/types.ts index 4b4f5147c9a42..cbe756064b72b 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/types.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/types.ts @@ -36,10 +36,10 @@ import { RuleNameOverrideOrUndefined, SeverityMappingOrUndefined, TimestampOverrideOrUndefined, + Type, } from '../../../common/detection_engine/schemas/common/schemas'; import { LegacyCallAPIOptions } from '../../../../../../src/core/server'; import { Filter } from '../../../../../../src/plugins/data/server'; -import { RuleType } from '../../../common/detection_engine/types'; import { ListArrayOrUndefined } from '../../../common/detection_engine/schemas/types'; export type PartialFilter = Partial; @@ -75,7 +75,7 @@ export interface RuleTypeParams { threshold: ThresholdOrUndefined; timestampOverride: TimestampOverrideOrUndefined; to: To; - type: RuleType; + type: Type; references: References; version: Version; exceptionsList: ListArrayOrUndefined; diff --git a/x-pack/plugins/security_solution/server/lib/machine_learning/authz.ts b/x-pack/plugins/security_solution/server/lib/machine_learning/authz.ts index 386eda5281f0c..ff565c05848f9 100644 --- a/x-pack/plugins/security_solution/server/lib/machine_learning/authz.ts +++ b/x-pack/plugins/security_solution/server/lib/machine_learning/authz.ts @@ -13,12 +13,12 @@ import { SetupPlugins } from '../../plugin'; import { MINIMUM_ML_LICENSE } from '../../../common/constants'; import { hasMlAdminPermissions } from '../../../common/machine_learning/has_ml_admin_permissions'; import { isMlRule } from '../../../common/machine_learning/helpers'; -import { RuleType } from '../../../common/detection_engine/types'; import { Validation } from './validation'; import { cache } from './cache'; +import { Type } from '../../../common/detection_engine/schemas/common/schemas'; export interface MlAuthz { - validateRuleType: (type: RuleType) => Promise; + validateRuleType: (type: Type) => Promise; } /** @@ -40,7 +40,7 @@ export const buildMlAuthz = ({ request: KibanaRequest; }): MlAuthz => { const cachedValidate = cache(() => validateMlAuthz({ license, ml, request })); - const validateRuleType = async (type: RuleType): Promise => { + const validateRuleType = async (type: Type): Promise => { if (!isMlRule(type)) { return { valid: true, message: undefined }; } else {