From c6b3f5191d1ef9049334ffe5d512625b16d28c0c Mon Sep 17 00:00:00 2001 
From: Ryland Herrick Date: Thu, 5 Aug 2021 14:36:44 -0500 Subject: [PATCH] [Security Solution, Lists] Replace legacy imports from 'elasticsearch' package (#107226) * Remove legacy imports from 'elasticsearch' package This prefers the newer types from '@elastic/elasticsearch'. There was one instance where mock data was insufficient to satisfy the newer analogous types; in all other cases this was just a find/replace. * Fix type errors with a null guard We know that this mock has hits with _source values, but we cannot convey this to typescript as null assertions are disabled within this project. This seems like the next best solution, preferable to a @ts-expect-error. * Fix a few more type errors * Replace legacy type imports in integration tests * refactors destructuring due to _source being properly declared as conditional * Update more integration tests to account for our optional _source Changes here fall into one of two categories: * If the test was making an assertion on a value from _source, we simply null chain and continue to assert on a possibly undefined value. * If the test logic depends on _source being present, we first assert that presence, and exit the test early if absent. 
* Fix more type errors Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> --- .../server/schemas/common/get_shard.mock.ts | 4 +- .../search_es_list_item_schema.mock.ts | 4 +- .../search_es_list_schema.mock.ts | 6 +- .../services/items/find_list_item.mock.ts | 4 +- .../items/write_list_items_to_stream.test.ts | 4 +- .../transform_elastic_to_list_item.test.ts | 12 +- .../exceptions/use_add_exception.test.tsx | 4 +- .../exceptions/use_add_exception.tsx | 6 +- .../components/alerts_table/actions.tsx | 8 +- .../containers/detection_engine/alerts/api.ts | 4 +- .../components/authentications_table/mock.ts | 16 ++- .../routes/metadata/support/test_support.ts | 8 +- .../endpoint/routes/policy/handlers.test.ts | 6 +- .../endpoint/services/metadata/metadata.ts | 7 +- .../tests/common/cases/patch_cases.ts | 14 +-- .../tests/common/comments/post_comment.ts | 4 +- .../basic/tests/open_close_signals.ts | 18 +-- .../security_and_spaces/tests/aliases.ts | 4 +- .../tests/create_endpoint_exceptions.ts | 40 +++---- .../security_and_spaces/tests/create_ml.ts | 6 +- .../tests/create_signals_migrations.ts | 8 +- .../tests/create_threat_matching.ts | 19 ++- .../exception_operators_data_types/date.ts | 44 +++---- .../exception_operators_data_types/double.ts | 60 +++++----- .../exception_operators_data_types/float.ts | 60 +++++----- .../exception_operators_data_types/integer.ts | 60 +++++----- .../exception_operators_data_types/ip.ts | 56 ++++----- .../ip_array.ts | 54 ++++----- .../exception_operators_data_types/keyword.ts | 46 ++++---- .../keyword_array.ts | 46 ++++---- .../exception_operators_data_types/long.ts | 60 +++++----- .../exception_operators_data_types/text.ts | 72 ++++++------ .../text_array.ts | 46 ++++---- .../tests/generating_signals.ts | 111 +++++++++++------- .../tests/keyword_family/const_keyword.ts | 6 +- .../tests/keyword_family/keyword.ts | 6 +- .../keyword_mixed_with_const.ts | 6 +- .../tests/open_close_signals.ts | 38 ++---- 
.../security_and_spaces/tests/runtime.ts | 8 +- .../security_and_spaces/tests/timestamps.ts | 10 +- .../detection_engine_api_integration/utils.ts | 22 ++-- 41 files changed, 532 insertions(+), 485 deletions(-) diff --git a/x-pack/plugins/lists/server/schemas/common/get_shard.mock.ts b/x-pack/plugins/lists/server/schemas/common/get_shard.mock.ts index cc142157e91a2..43511a748ba1a 100644 --- a/x-pack/plugins/lists/server/schemas/common/get_shard.mock.ts +++ b/x-pack/plugins/lists/server/schemas/common/get_shard.mock.ts @@ -5,9 +5,9 @@ * 2.0. */ -import { ShardsResponse } from 'elasticsearch'; +import type { estypes } from '@elastic/elasticsearch'; -export const getShardMock = (): ShardsResponse => ({ +export const getShardMock = (): estypes.ShardStatistics => ({ failed: 0, skipped: 0, successful: 0, diff --git a/x-pack/plugins/lists/server/schemas/elastic_response/search_es_list_item_schema.mock.ts b/x-pack/plugins/lists/server/schemas/elastic_response/search_es_list_item_schema.mock.ts index de49e822f7dc8..2f213ccfbad06 100644 --- a/x-pack/plugins/lists/server/schemas/elastic_response/search_es_list_item_schema.mock.ts +++ b/x-pack/plugins/lists/server/schemas/elastic_response/search_es_list_item_schema.mock.ts @@ -5,7 +5,7 @@ * 2.0. */ -import { SearchResponse } from 'elasticsearch'; +import type { estypes } from '@elastic/elasticsearch'; import { DATE_NOW, @@ -61,7 +61,7 @@ export const getSearchEsListItemMock = (): SearchEsListItemSchema => ({ ip: VALUE, }); -export const getSearchListItemMock = (): SearchResponse => ({ +export const getSearchListItemMock = (): estypes.SearchResponse => ({ _scroll_id: '123', _shards: getShardMock(), hits: { diff --git a/x-pack/plugins/lists/server/schemas/elastic_response/search_es_list_schema.mock.ts b/x-pack/plugins/lists/server/schemas/elastic_response/search_es_list_schema.mock.ts index 07d8c92f79932..2cfbaf26f9d6a 100644 --- a/x-pack/plugins/lists/server/schemas/elastic_response/search_es_list_schema.mock.ts 
+++ b/x-pack/plugins/lists/server/schemas/elastic_response/search_es_list_schema.mock.ts @@ -5,7 +5,7 @@ * 2.0. */ -import { SearchResponse } from 'elasticsearch'; +import type { estypes } from '@elastic/elasticsearch'; import { DATE_NOW, @@ -40,7 +40,7 @@ export const getSearchEsListMock = (): SearchEsListSchema => ({ version: VERSION, }); -export const getSearchListMock = (): SearchResponse => ({ +export const getSearchListMock = (): estypes.SearchResponse => ({ _scroll_id: '123', _shards: getShardMock(), hits: { @@ -60,7 +60,7 @@ export const getSearchListMock = (): SearchResponse => ({ took: 10, }); -export const getEmptySearchListMock = (): SearchResponse => ({ +export const getEmptySearchListMock = (): estypes.SearchResponse => ({ _scroll_id: '123', _shards: getShardMock(), hits: { diff --git a/x-pack/plugins/lists/server/services/items/find_list_item.mock.ts b/x-pack/plugins/lists/server/services/items/find_list_item.mock.ts index c00da8ab2496b..1c1ce872a402d 100644 --- a/x-pack/plugins/lists/server/services/items/find_list_item.mock.ts +++ b/x-pack/plugins/lists/server/services/items/find_list_item.mock.ts @@ -5,7 +5,7 @@ * 2.0. */ -import { Client } from 'elasticsearch'; +import type { estypes } from '@elastic/elasticsearch'; // eslint-disable-next-line @kbn/eslint/no-restricted-paths import { elasticsearchClientMock } from 'src/core/server/elasticsearch/client/mocks'; @@ -14,7 +14,7 @@ import { getShardMock } from '../../schemas/common/get_shard.mock'; import { FindListItemOptions } from './find_list_item'; -export const getFindCount = (): ReturnType => { +export const getFindCount = (): Promise => { return Promise.resolve({ _shards: getShardMock(), count: 1, diff --git a/x-pack/plugins/lists/server/services/items/write_list_items_to_stream.test.ts b/x-pack/plugins/lists/server/services/items/write_list_items_to_stream.test.ts index e6d0b21ab0517..0918b9ebdedae 100644 --- a/x-pack/plugins/lists/server/services/items/write_list_items_to_stream.test.ts 
+++ b/x-pack/plugins/lists/server/services/items/write_list_items_to_stream.test.ts @@ -106,7 +106,9 @@ describe('write_list_items_to_stream', () => { firstResponse.hits.hits[0].sort = ['some-sort-value']; const secondResponse = getSearchListItemMock(); - secondResponse.hits.hits[0]._source.ip = '255.255.255.255'; + if (secondResponse.hits.hits[0]._source) { + secondResponse.hits.hits[0]._source.ip = '255.255.255.255'; + } const esClient = elasticsearchClientMock.createScopedClusterClient().asCurrentUser; esClient.search.mockResolvedValueOnce( diff --git a/x-pack/plugins/lists/server/services/utils/transform_elastic_to_list_item.test.ts b/x-pack/plugins/lists/server/services/utils/transform_elastic_to_list_item.test.ts index 2714d13cb0a26..e2ec36e533bd1 100644 --- a/x-pack/plugins/lists/server/services/utils/transform_elastic_to_list_item.test.ts +++ b/x-pack/plugins/lists/server/services/utils/transform_elastic_to_list_item.test.ts @@ -37,8 +37,10 @@ describe('transform_elastic_to_list_item', () => { test('it transforms an elastic keyword type to a list item type', () => { const response = getSearchListItemMock(); - response.hits.hits[0]._source.ip = undefined; - response.hits.hits[0]._source.keyword = 'host-name-example'; + if (response.hits.hits[0]._source) { + response.hits.hits[0]._source.ip = undefined; + response.hits.hits[0]._source.keyword = 'host-name-example'; + } const queryFilter = transformElasticToListItem({ response, type: 'keyword', @@ -68,8 +70,10 @@ describe('transform_elastic_to_list_item', () => { const { hits: { hits }, } = getSearchListItemMock(); - hits[0]._source.ip = undefined; - hits[0]._source.keyword = 'host-name-example'; + if (hits[0]._source) { + hits[0]._source.ip = undefined; + hits[0]._source.keyword = 'host-name-example'; + } const queryFilter = transformElasticHitsToListItem({ hits, type: 'keyword', 
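Review bot: The new `if (secondResponse.hits.hits[0]._source) { … }` guard in write_list_items_to_stream.test.ts makes the fixture mutation conditional. If `getSearchListItemMock()` ever stops returning a `_source`, the test keeps running against unmodified data instead of failing at setup. Asserting the precondition first makes that failure explicit, e.g. `expect(secondResponse.hits.hits[0]._source).toBeDefined();` placed just before the guard. The same pattern is added in both hunks of transform_elastic_to_list_item.test.ts (`response.hits.hits[0]._source` and `hits[0]._source`). The enclosing test bodies start and end outside these hunks.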
diff --git a/x-pack/plugins/security_solution/public/common/components/exceptions/use_add_exception.test.tsx b/x-pack/plugins/security_solution/public/common/components/exceptions/use_add_exception.test.tsx index e4a015525dfb4..bf336c00f94d2 100644 --- a/x-pack/plugins/security_solution/public/common/components/exceptions/use_add_exception.test.tsx +++ b/x-pack/plugins/security_solution/public/common/components/exceptions/use_add_exception.test.tsx @@ -6,6 +6,7 @@ */ import { act, renderHook, RenderHookResult } from '@testing-library/react-hooks'; +import type { estypes } from '@elastic/elasticsearch'; import { coreMock } from '../../../../../../../src/core/public/mocks'; import { KibanaServices } from '../../../common/lib/kibana'; @@ -28,7 +29,6 @@ import { ReturnUseAddOrUpdateException, AddOrUpdateExceptionItemsFunc, } from './use_add_exception'; -import { UpdateDocumentByQueryResponse } from 'elasticsearch'; const mockKibanaHttpService = coreMock.createStart().http; const mockKibanaServices = KibanaServices.get as jest.Mock; @@ -39,7 +39,7 @@ const fetchMock = jest.fn(); mockKibanaServices.mockReturnValue({ http: { fetch: fetchMock } }); describe('useAddOrUpdateException', () => { - let updateAlertStatus: jest.SpyInstance>; + let updateAlertStatus: jest.SpyInstance>; let addExceptionListItem: jest.SpyInstance>; let updateExceptionListItem: jest.SpyInstance>; let getQueryFilter: jest.SpyInstance>; diff --git a/x-pack/plugins/security_solution/public/common/components/exceptions/use_add_exception.tsx b/x-pack/plugins/security_solution/public/common/components/exceptions/use_add_exception.tsx index dbae0964b41a8..722632e88377d 100644 --- a/x-pack/plugins/security_solution/public/common/components/exceptions/use_add_exception.tsx +++ b/x-pack/plugins/security_solution/public/common/components/exceptions/use_add_exception.tsx 
@@ -6,7 +6,7 @@ */ import { useEffect, useRef, useState, useCallback } from 'react'; -import { UpdateDocumentByQueryResponse } from 'elasticsearch'; +import type { estypes } from '@elastic/elasticsearch'; import type { ExceptionListItemSchema, CreateExceptionListItemSchema, @@ -120,8 +120,8 @@ export const useAddOrUpdateException = ({ try { setIsLoading(true); - let alertIdResponse: UpdateDocumentByQueryResponse | undefined; - let bulkResponse: UpdateDocumentByQueryResponse | undefined; + let alertIdResponse: estypes.UpdateByQueryResponse | undefined; + let bulkResponse: estypes.UpdateByQueryResponse | undefined; if (alertIdToClose != null) { alertIdResponse = await updateAlertStatus({ query: getUpdateAlertsQuery([alertIdToClose]), diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.tsx b/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.tsx index 245aa67d677be..d48bc95f5d480 100644 --- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.tsx +++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/actions.tsx @@ -94,7 +94,7 @@ export const updateAlertStatusAction = async ({ // TODO: Only delete those that were successfully updated from updatedRules setEventsDeleted({ eventIds: alertIds, isDeleted: true }); - if (response.version_conflicts > 0 && alertIds.length === 1) { + if (response.version_conflicts && alertIds.length === 1) { throw new Error( i18n.translate( 'xpack.securitySolution.detectionEngine.alerts.updateAlertStatusFailedSingleAlert', @@ -105,7 +105,11 @@ export const updateAlertStatusAction = async ({ ); } - onAlertStatusUpdateSuccess(response.updated, response.version_conflicts, selectedStatus); + onAlertStatusUpdateSuccess( + response.updated ?? 0, + response.version_conflicts ?? 0, + selectedStatus + ); } catch (error) { onAlertStatusUpdateFailure(selectedStatus, error); } finally { 
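Review bot: In the second actions.tsx hunk, `onAlertStatusUpdateSuccess(response.updated ?? 0, response.version_conflicts ?? 0, selectedStatus)` reports a response that lacks `updated` through the success callback as zero updated alerts. By then `setEventsDeleted({ eventIds: alertIds, isDeleted: true })` has already removed every selected alert from the table, so an analyst could see alerts disappear whose status was never changed. If a missing `updated` is not an expected response shape, it would be safer to send that case to `onAlertStatusUpdateFailure`. Otherwise a comment such as `// updated/version_conflicts are optional in estypes.UpdateByQueryResponse; treat absent as 0` would record that the default is deliberate. `updateAlertStatusAction` starts and ends outside the hunk.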
diff --git a/x-pack/plugins/security_solution/public/detections/containers/detection_engine/alerts/api.ts b/x-pack/plugins/security_solution/public/detections/containers/detection_engine/alerts/api.ts index 72a9bf6e84441..3d4a7dba0de57 100644 --- a/x-pack/plugins/security_solution/public/detections/containers/detection_engine/alerts/api.ts +++ b/x-pack/plugins/security_solution/public/detections/containers/detection_engine/alerts/api.ts @@ -5,7 +5,7 @@ * 2.0. */ -import { UpdateDocumentByQueryResponse } from 'elasticsearch'; +import type { estypes } from '@elastic/elasticsearch'; import { getCasesFromAlertsUrl } from '../../../../../../cases/common'; import { HostIsolationResponse, HostInfo } from '../../../../../common/endpoint/types'; import { @@ -62,7 +62,7 @@ export const updateAlertStatus = async ({ query, status, signal, -}: UpdateAlertStatusProps): Promise => +}: UpdateAlertStatusProps): Promise => KibanaServices.get().http.fetch(DETECTION_ENGINE_SIGNALS_STATUS_URL, { method: 'POST', body: JSON.stringify({ conflicts: 'proceed', status, ...query }), diff --git a/x-pack/plugins/security_solution/public/hosts/components/authentications_table/mock.ts b/x-pack/plugins/security_solution/public/hosts/components/authentications_table/mock.ts index 68cbaf5bf2626..f2b004f856cc4 100644 --- a/x-pack/plugins/security_solution/public/hosts/components/authentications_table/mock.ts +++ b/x-pack/plugins/security_solution/public/hosts/components/authentications_table/mock.ts 
@@ -5,12 +5,24 @@ * 2.0. */ -import { SearchResponse } from 'elasticsearch'; +import type { estypes } from '@elastic/elasticsearch'; import { HostAuthenticationsStrategyResponse } from '../../../../common/search_strategy/security_solution/hosts/authentications'; export const mockData: { Authentications: HostAuthenticationsStrategyResponse } = { Authentications: { rawResponse: { + took: 880, + timed_out: false, + _shards: { + total: 26, + successful: 26, + skipped: 0, + failed: 0, + }, + hits: { + total: 2, + hits: [], + }, aggregations: { group_by_users: { buckets: [ @@ -32,7 +44,7 @@ export const mockData: { Authentications: HostAuthenticationsStrategyResponse } sum_other_doc_count: 566, }, }, - } as SearchResponse, + } as estypes.SearchResponse, totalCount: 54, edges: [ { diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/metadata/support/test_support.ts b/x-pack/plugins/security_solution/server/endpoint/routes/metadata/support/test_support.ts index a0530590f5f9f..7dae6fe5c69e4 100644 --- a/x-pack/plugins/security_solution/server/endpoint/routes/metadata/support/test_support.ts +++ b/x-pack/plugins/security_solution/server/endpoint/routes/metadata/support/test_support.ts @@ -5,10 +5,12 @@ * 2.0. */ -import { SearchResponse } from 'elasticsearch'; +import type { estypes } from '@elastic/elasticsearch'; import { HostMetadata } from '../../../../../common/endpoint/types'; -export function createV2SearchResponse(hostMetadata?: HostMetadata): SearchResponse { +export function createV2SearchResponse( + hostMetadata?: HostMetadata +): estypes.SearchResponse { return ({ took: 15, timed_out: false, @@ -38,5 +40,5 @@ export function createV2SearchResponse(hostMetadata?: HostMetadata): SearchRespo ] : [], }, - } as unknown) as SearchResponse; + } as unknown) as estypes.SearchResponse; } 
diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/policy/handlers.test.ts b/x-pack/plugins/security_solution/server/endpoint/routes/policy/handlers.test.ts index c8b36a22b359a..2b5fe11a8f687 100644 --- a/x-pack/plugins/security_solution/server/endpoint/routes/policy/handlers.test.ts +++ b/x-pack/plugins/security_solution/server/endpoint/routes/policy/handlers.test.ts @@ -22,7 +22,7 @@ import { loggingSystemMock, savedObjectsClientMock, } from '../../../../../../../src/core/server/mocks'; -import { SearchResponse } from 'elasticsearch'; +import type { estypes } from '@elastic/elasticsearch'; import { GetHostPolicyResponse, HostPolicyResponse } from '../../../../common/endpoint/types'; import { EndpointDocGenerator } from '../../../../common/endpoint/generate_data'; import { parseExperimentalConfigValue } from '../../../../common/experimental_features'; @@ -239,7 +239,7 @@ describe('test policy response handler', () => { */ function createSearchResponse( hostPolicyResponse?: HostPolicyResponse -): SearchResponse { +): estypes.SearchResponse { return ({ took: 15, timed_out: false, @@ -267,5 +267,5 @@ function createSearchResponse( ] : [], }, - } as unknown) as SearchResponse; + } as unknown) as estypes.SearchResponse; } diff --git a/x-pack/plugins/security_solution/server/endpoint/services/metadata/metadata.ts b/x-pack/plugins/security_solution/server/endpoint/services/metadata/metadata.ts index 2700bd80ca073..6bf062c02732e 100644 --- a/x-pack/plugins/security_solution/server/endpoint/services/metadata/metadata.ts +++ b/x-pack/plugins/security_solution/server/endpoint/services/metadata/metadata.ts 
@@ -5,8 +5,7 @@ * 2.0. */ -import { SearchRequest } from '@elastic/elasticsearch/api/types'; -import { SearchResponse } from 'elasticsearch'; +import type { estypes } from '@elastic/elasticsearch'; import { HostMetadata } from '../../../../common/endpoint/types'; import { SecuritySolutionRequestHandlerContext } from '../../../types'; import { getESQueryHostMetadataByIDs } from '../../routes/metadata/query_builders'; @@ -20,7 +19,7 @@ export async function getMetadataForEndpoints( ): Promise { const query = getESQueryHostMetadataByIDs(endpointIDs); const esClient = requestHandlerContext.core.elasticsearch.client.asCurrentUser; - const { body } = await esClient.search(query as SearchRequest); - const hosts = queryResponseToHostListResult(body as SearchResponse); + const { body } = await esClient.search(query as estypes.SearchRequest); + const hosts = queryResponseToHostListResult(body as estypes.SearchResponse); return hosts.resultList; } diff --git a/x-pack/test/case_api_integration/security_and_spaces/tests/common/cases/patch_cases.ts b/x-pack/test/case_api_integration/security_and_spaces/tests/common/cases/patch_cases.ts index 6b370117c447a..e2a7512940250 100644 --- a/x-pack/test/case_api_integration/security_and_spaces/tests/common/cases/patch_cases.ts +++ b/x-pack/test/case_api_integration/security_and_spaces/tests/common/cases/patch_cases.ts @@ -805,7 +805,7 @@ export default ({ getService }: FtrProviderContext): void => { const signals = await getSignalsByIds(supertest, [id]); const alert = signals.hits.hits[0]; - expect(alert._source.signal.status).eql('open'); + expect(alert._source?.signal.status).eql('open'); const caseUpdated = await createComment({ supertest, 
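Review bot: The two assertions on the new lines of metadata.ts, `query as estypes.SearchRequest` and `body as estypes.SearchResponse`, mean the compiler checks neither the request built by `getESQueryHostMetadataByIDs` nor the response handed to `queryResponseToHostListResult`. Elsewhere in this commit the newer types make `_source` optional, and that helper is not visible here. It is worth confirming that it tolerates hits without `_source` rather than relying on the cast. If the casts are needed only because the query builder is loosely typed, a comment above the search call such as `// query builder is not yet typed as estypes.SearchRequest; cast is intentional` would keep them from looking accidental. The signature of `getMetadataForEndpoints` is outside this hunk.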
@@ -846,7 +846,7 @@ export default ({ getService }: FtrProviderContext): void => { .send(getQuerySignalIds([alert._id])) .expect(200); - expect(updatedAlert.hits.hits[0]._source.signal.status).eql('in-progress'); + expect(updatedAlert.hits.hits[0]._source?.signal.status).eql('in-progress'); }); it('does NOT updates alert status when the status is updated and syncAlerts=false', async () => { @@ -863,7 +863,7 @@ export default ({ getService }: FtrProviderContext): void => { const signals = await getSignalsByIds(supertest, [id]); const alert = signals.hits.hits[0]; - expect(alert._source.signal.status).eql('open'); + expect(alert._source?.signal.status).eql('open'); const caseUpdated = await createComment({ supertest, @@ -899,7 +899,7 @@ export default ({ getService }: FtrProviderContext): void => { .send(getQuerySignalIds([alert._id])) .expect(200); - expect(updatedAlert.hits.hits[0]._source.signal.status).eql('open'); + expect(updatedAlert.hits.hits[0]._source?.signal.status).eql('open'); }); it('it updates alert status when syncAlerts is turned on', async () => { @@ -916,7 +916,7 @@ export default ({ getService }: FtrProviderContext): void => { const signals = await getSignalsByIds(supertest, [id]); const alert = signals.hits.hits[0]; - expect(alert._source.signal.status).eql('open'); + expect(alert._source?.signal.status).eql('open'); const caseUpdated = await createComment({ supertest, @@ -970,7 +970,7 @@ export default ({ getService }: FtrProviderContext): void => { .send(getQuerySignalIds([alert._id])) .expect(200); - expect(updatedAlert.hits.hits[0]._source.signal.status).eql('in-progress'); + expect(updatedAlert.hits.hits[0]._source?.signal.status).eql('in-progress'); }); it('it does NOT updates alert status when syncAlerts is turned off', async () => { 
@@ -983,7 +983,7 @@ export default ({ getService }: FtrProviderContext): void => { const signals = await getSignalsByIds(supertest, [id]); const alert = signals.hits.hits[0]; - expect(alert._source.signal.status).eql('open'); + expect(alert._source?.signal.status).eql('open'); const caseUpdated = await createComment({ supertest, diff --git a/x-pack/test/case_api_integration/security_and_spaces/tests/common/comments/post_comment.ts b/x-pack/test/case_api_integration/security_and_spaces/tests/common/comments/post_comment.ts index f22ce54de193a..ecd05a2717e08 100644 --- a/x-pack/test/case_api_integration/security_and_spaces/tests/common/comments/post_comment.ts +++ b/x-pack/test/case_api_integration/security_and_spaces/tests/common/comments/post_comment.ts @@ -369,7 +369,7 @@ export default ({ getService }: FtrProviderContext): void => { const signals = await getSignalsByIds(supertest, [id]); const alert = signals.hits.hits[0]; - expect(alert._source.signal.status).eql('open'); + expect(alert._source?.signal.status).eql('open'); await createComment({ supertest, @@ -424,7 +424,7 @@ export default ({ getService }: FtrProviderContext): void => { const signals = await getSignalsByIds(supertest, [id]); const alert = signals.hits.hits[0]; - expect(alert._source.signal.status).eql('open'); + expect(alert._source?.signal.status).eql('open'); await createComment({ supertest, diff --git a/x-pack/test/detection_engine_api_integration/basic/tests/open_close_signals.ts b/x-pack/test/detection_engine_api_integration/basic/tests/open_close_signals.ts index 8c6a698f88109..3dbef66023e58 100644 --- a/x-pack/test/detection_engine_api_integration/basic/tests/open_close_signals.ts +++ b/x-pack/test/detection_engine_api_integration/basic/tests/open_close_signals.ts 
@@ -7,7 +7,7 @@ import expect from '@kbn/expect'; -import { SearchResponse } from 'elasticsearch'; +import type { estypes } from '@elastic/elasticsearch'; import { Signal } from '../../../../plugins/security_solution/server/lib/detection_engine/signals/types'; import { DETECTION_ENGINE_SIGNALS_STATUS_URL, @@ -93,11 +93,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForSignalsToBePresent(supertest, 10, [id]); const signalsOpen = await getSignalsByIds(supertest, [id]); const everySignalOpen = signalsOpen.hits.hits.every( - ({ - _source: { - signal: { status }, - }, - }) => status === 'open' + (hit) => hit._source?.signal?.status === 'open' ); expect(everySignalOpen).to.eql(true); }); @@ -121,7 +117,7 @@ export default ({ getService }: FtrProviderContext) => { const { body: signalsClosed, - }: { body: SearchResponse<{ signal: Signal }> } = await supertest + }: { body: estypes.SearchResponse<{ signal: Signal }> } = await supertest .post(DETECTION_ENGINE_QUERY_SIGNALS_URL) .set('kbn-xsrf', 'true') .send(getQuerySignalIds(signalIds)) @@ -148,18 +144,14 @@ export default ({ getService }: FtrProviderContext) => { const { body: signalsClosed, - }: { body: SearchResponse<{ signal: Signal }> } = await supertest + }: { body: estypes.SearchResponse<{ signal: Signal }> } = await supertest .post(DETECTION_ENGINE_QUERY_SIGNALS_URL) .set('kbn-xsrf', 'true') .send(getQuerySignalIds(signalIds)) .expect(200); const everySignalClosed = signalsClosed.hits.hits.every( - ({ - _source: { - signal: { status }, - }, - }) => status === 'closed' + (hit) => hit._source?.signal?.status === 'closed' ); expect(everySignalClosed).to.eql(true); }); diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/aliases.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/aliases.ts index 790dc2b725a72..e72c00c31434e 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/aliases.ts 
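Review bot: `signalsClosed.hits.hits.every((hit) => hit._source?.signal?.status === 'closed')` in the last hunk is true for an empty `hits` array, so `expect(everySignalClosed).to.eql(true)` passes when the query returns no signals at all. Adding `expect(signalsClosed.hits.hits.length).to.eql(signalIds.length);` before the `every` check would pin the count, assuming every id in `signalIds` is expected back. The first hunk's `everySignalOpen` check has the same shape, although `waitForSignalsToBePresent(supertest, 10, [id])` runs before it. The optional chaining itself behaves as intended: a hit without `_source` yields `undefined`, which fails the comparison.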
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/aliases.ts @@ -46,7 +46,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForSignalsToBePresent(supertest, 4, [id]); const signalsOpen = await getSignalsById(supertest, id); const hits = signalsOpen.hits.hits.map( - (signal) => (signal._source.host_alias as HostAlias).name + (signal) => (signal._source?.host_alias as HostAlias).name ); expect(hits).to.eql(['host name 1', 'host name 2', 'host name 3', 'host name 4']); }); @@ -57,7 +57,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 4, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((signal) => (signal._source.host as HostAlias).name); + const hits = signalsOpen.hits.hits.map((signal) => (signal._source?.host as HostAlias).name); expect(hits).to.eql(['host name 1', 'host name 2', 'host name 3', 'host name 4']); }); }); diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/create_endpoint_exceptions.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/create_endpoint_exceptions.ts index 4a50a146421f6..56808b5739eb9 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/create_endpoint_exceptions.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/create_endpoint_exceptions.ts @@ -59,7 +59,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 4, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.host).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.host).sort(); expect(hits).to.eql([ { os: { type: 'linux' }, 
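Review bot: In aliases.ts the type assertion cancels the new optional chain. `(signal._source?.host_alias as HostAlias).name` still dereferences `.name` on `undefined` when `_source` is absent, so the test throws a TypeError instead of failing the `expect(hits).to.eql([...])` comparison. Widening the assertion keeps the intent of the change: `(signal._source?.host_alias as HostAlias | undefined)?.name`. The second hunk has the same shape with `signal._source?.host`.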
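Review bot: In the create_endpoint_exceptions.ts hunk at `@@ -59,7 +59,7 @@`, `signalsOpen.hits.hits.map((hit) => hit._source?.host).sort()` sorts objects with the default comparator, which compares their string forms. Every host object therefore compares equal and the call imposes no content-based order. The expected array still depends on the order in which the hits are returned, and with `_source` now optional any `undefined` entries are simply moved to the end. Either drop the call, as the later tests in this file do with `const hits = signalsOpen.hits.hits.map((hit) => hit._source?.host);`, or pass an explicit comparator on the field being asserted. The hunk at `@@ -82,7 +82,7 @@` carries the same line.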
@@ -82,7 +82,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 4, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.host).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.host).sort(); expect(hits).to.eql([ { os: { name: 'Linux' }, @@ -125,7 +125,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 3, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.host); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.host); expect(hits).to.eql([ { os: { name: 'Windows' }, @@ -162,7 +162,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 3, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.host); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.host); expect(hits).to.eql([ { os: { name: 'Windows' }, @@ -210,7 +210,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 2, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.host); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.host); expect(hits).to.eql([ { os: { name: 'Macos' }, 
@@ -255,7 +255,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 2, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.host); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.host); expect(hits).to.eql([ { os: { name: 'Macos' }, @@ -291,7 +291,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 3, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.host); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.host); expect(hits).to.eql([ { os: { type: 'windows' }, @@ -328,7 +328,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 3, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.host); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.host); expect(hits).to.eql([ { os: { type: 'windows' }, @@ -376,7 +376,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 2, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.host); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.host); expect(hits).to.eql([ { os: { type: 'macos' }, 
@@ -421,7 +421,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 2, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.host); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.host); expect(hits).to.eql([ { os: { type: 'macos' }, @@ -457,7 +457,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 6, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.host); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.host); expect(hits).to.eql([ { os: { type: 'windows' }, @@ -503,7 +503,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 6, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.host); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.host); expect(hits).to.eql([ { os: { type: 'windows' }, @@ -560,7 +560,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 4, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.host); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.host); expect(hits).to.eql([ { os: { type: 'macos' }, 
@@ -611,7 +611,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 4, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.host); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.host); expect(hits).to.eql([ { os: { type: 'macos' }, @@ -663,7 +663,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 1, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.host); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.host); expect(hits).to.eql([ { os: { type: 'macos' }, @@ -703,7 +703,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 1, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.host); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.host); expect(hits).to.eql([ { os: { type: 'macos' }, @@ -736,7 +736,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 3, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.host); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.host); expect(hits).to.eql([ { os: { type: 'linux' }, 
@@ -773,7 +773,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 2, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.host); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.host); expect(hits).to.eql([ { os: { type: 'macos' }, @@ -807,7 +807,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 2, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.host); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.host); expect(hits).to.eql([ { os: { type: 'macos' }, @@ -841,7 +841,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 4, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.host); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.host); expect(hits).to.eql([ { os: { type: 'linux' }, diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/create_ml.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/create_ml.ts index 6a6822ba7eb2d..a03bd07c86020 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/create_ml.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/create_ml.ts 
@@ -100,6 +100,10 @@ export default ({ getService }: FtrProviderContext) => { const signalsOpen = await getOpenSignals(supertest, es, createdRule); expect(signalsOpen.hits.hits.length).eql(1); const signal = signalsOpen.hits.hits[0]; + if (!signal._source) { + return expect(signal._source).to.be.ok(); + } + expect(signal._source).eql({ '@timestamp': signal._source['@timestamp'], actual: [1], @@ -152,7 +156,7 @@ export default ({ getService }: FtrProviderContext) => { id: createdRule.id, rule_id: createdRule.rule_id, created_at: createdRule.created_at, - updated_at: signal._source.signal.rule.updated_at, + updated_at: signal._source?.signal.rule.updated_at, actions: [], interval: '5m', name: 'Test ML rule', diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/create_signals_migrations.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/create_signals_migrations.ts index 1d33c4c3047cd..ed1cd4e82ef20 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/create_signals_migrations.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/create_signals_migrations.ts @@ -13,6 +13,7 @@ import { } from '../../../../plugins/security_solution/common/constants'; import { ROLES } from '../../../../plugins/security_solution/common/test'; import { SIGNALS_TEMPLATE_VERSION } from '../../../../plugins/security_solution/server/lib/detection_engine/routes/index/get_signals_template'; +import { Signal } from '../../../../plugins/security_solution/server/lib/detection_engine/signals/types'; import { FtrProviderContext } from '../../common/ftr_provider_context'; import { createSignalsIndex, 
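Review bot: In create_ml.ts the `@@ -152,7 +156,7 @@` hunk reads `signal._source?.signal.rule.updated_at`, although the `@@ -100,6 +100,10 @@` hunk already returns early when `signal._source` is absent and then reads `signal._source['@timestamp']` without chaining. If both hunks belong to the same test body, which the hunk boundaries do not show, the guard has already narrowed the value and the `?.` is redundant and inconsistent with the rest of the expected object. `updated_at: signal._source.signal.rule.updated_at,` would match the neighbouring accesses. The object literal starts and ends outside both hunks.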
@@ -96,12 +97,11 @@ export default ({ getService }: FtrProviderContext): void => { const [{ migration_index: newIndex }] = createResponses; await waitForIndexToPopulate(es, newIndex); - const { body: migrationResults } = await es.search({ index: newIndex }); + const { body: migrationResults } = await es.search<{ signal: Signal }>({ index: newIndex }); expect(migrationResults.hits.hits).length(1); - // @ts-expect-error _source has unknown type - const migratedSignal = migrationResults.hits.hits[0]._source.signal; - expect(migratedSignal._meta.version).to.equal(SIGNALS_TEMPLATE_VERSION); + const migratedSignal = migrationResults.hits.hits[0]._source?.signal; + expect(migratedSignal?._meta?.version).to.equal(SIGNALS_TEMPLATE_VERSION); }); it('specifying the signals alias itself is a bad request', async () => { diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/create_threat_matching.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/create_threat_matching.ts index dabf2858dfe0c..c341761160633 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/create_threat_matching.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/create_threat_matching.ts 
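Review bot: `expect(migratedSignal?._meta?.version).to.equal(SIGNALS_TEMPLATE_VERSION)` fails with the same "expected undefined" message whether the hit has no `_source`, no `signal` or no `_meta`, so a broken migration is harder to diagnose from the test output. The create_ml.ts change in this commit asserts presence before using the value, and the same shape fits here: `if (!migratedSignal) { return expect(migratedSignal).to.be.ok(); }` ahead of the version check. The remaining `?._meta?.version` chain can stay as it is.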
@@ -153,9 +153,12 @@ export default ({ getService }: FtrProviderContext) => { const signalsOpen = await getSignalsByIds(supertest, [id]); expect(signalsOpen.hits.hits.length).equal(10); const fullSource = signalsOpen.hits.hits.find( - (signal) => signal._source.signal.parents[0].id === '7yJ-B2kBR346wHgnhlMn' + (signal) => signal._source?.signal.parents[0].id === '7yJ-B2kBR346wHgnhlMn' ); - const fullSignal = fullSource!._source; // If this doesn't exist the test is going to fail anyway so using a bang operator here to get rid of ts error + const fullSignal = fullSource?._source; + if (!fullSignal) { + return expect(fullSignal).to.be.ok(); + } expect(fullSignal).eql({ '@timestamp': fullSignal['@timestamp'], agent: { @@ -439,7 +442,7 @@ export default ({ getService }: FtrProviderContext) => { expect(signalsOpen.hits.hits.length).equal(2); const { hits } = signalsOpen.hits; - const threats = hits.map((hit) => hit._source.threat); + const threats = hits.map((hit) => hit._source?.threat); expect(threats).to.eql([ { indicator: [ @@ -544,7 +547,9 @@ export default ({ getService }: FtrProviderContext) => { expect(signalsOpen.hits.hits.length).equal(1); const { hits } = signalsOpen.hits; - const [threat] = hits.map((hit) => hit._source.threat) as Array<{ indicator: unknown[] }>; + const [threat] = hits.map((hit) => hit._source?.threat) as Array<{ + indicator: unknown[]; + }>; assertContains(threat.indicator, [ { @@ -644,7 +649,9 @@ export default ({ getService }: FtrProviderContext) => { expect(signalsOpen.hits.hits.length).equal(1); const { hits } = signalsOpen.hits; - const [threat] = hits.map((hit) => hit._source.threat) as Array<{ indicator: unknown[] }>; + const [threat] = hits.map((hit) => hit._source?.threat) as Array<{ + indicator: unknown[]; + }>; assertContains(threat.indicator, [ { 
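Review bot: In the `@@ -544,7 +547,9 @@` hunk, `hits.map((hit) => hit._source?.threat) as Array<{ indicator: unknown[] }>` casts away the `undefined` that the new `?.` can produce, so the following `assertContains(threat.indicator, ...)` would throw a TypeError rather than fail an assertion if a hit has no `_source`. The same cast follows the chaining in the `@@ -644,7 +649,9 @@` hunk and in the `@@ -779,7 +786,7 @@` hunk (`threats[0].indicator`). The first hunk of this file handles the absent case with `if (!fullSignal) { return expect(fullSignal).to.be.ok(); }`; an equivalent guard on `threat` before `assertContains` would keep these tests consistent with it and with the commit description. The test bodies continue outside the hunks.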
@@ -779,7 +786,7 @@ export default ({ getService }: FtrProviderContext) => { expect(signalsOpen.hits.hits.length).equal(2); const { hits } = signalsOpen.hits; - const threats = hits.map((hit) => hit._source.threat) as Array<{ indicator: unknown[] }>; + const threats = hits.map((hit) => hit._source?.threat) as Array<{ indicator: unknown[] }>; assertContains(threats[0].indicator, [ { diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/exception_operators_data_types/date.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/exception_operators_data_types/date.ts index ebbf91fed451a..280bc3099dd1a 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/exception_operators_data_types/date.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/exception_operators_data_types/date.ts @@ -54,7 +54,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 4, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.date).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort(); expect(hits).to.eql([ '2020-10-01T05:08:53.000Z', '2020-10-02T05:08:53.000Z', @@ -78,7 +78,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 3, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.date).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort(); expect(hits).to.eql([ '2020-10-02T05:08:53.000Z', '2020-10-03T05:08:53.000Z', 
@@ -109,7 +109,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 2, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.date).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort(); expect(hits).to.eql(['2020-10-03T05:08:53.000Z', '2020-10-04T05:08:53.000Z']); }); @@ -144,7 +144,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 1, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.date).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort(); expect(hits).to.eql(['2020-10-04T05:08:53.000Z']); }); @@ -186,7 +186,7 @@ export default ({ getService }: FtrProviderContext) => { ]); await waitForRuleSuccessOrStatus(supertest, id); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.date).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort(); expect(hits).to.eql([]); }); }); @@ -206,7 +206,7 @@ export default ({ getService }: FtrProviderContext) => { ]); await waitForRuleSuccessOrStatus(supertest, id); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.date).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort(); expect(hits).to.eql([]); }); 
@@ -225,7 +225,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 1, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.date).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort(); expect(hits).to.eql(['2020-10-01T05:08:53.000Z']); }); @@ -251,7 +251,7 @@ export default ({ getService }: FtrProviderContext) => { ]); await waitForRuleSuccessOrStatus(supertest, id); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.date).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort(); expect(hits).to.eql([]); }); }); @@ -272,7 +272,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 3, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.date).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort(); expect(hits).to.eql([ '2020-10-02T05:08:53.000Z', '2020-10-03T05:08:53.000Z', @@ -295,7 +295,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 2, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.date).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort(); expect(hits).to.eql(['2020-10-03T05:08:53.000Z', '2020-10-04T05:08:53.000Z']); }); 
@@ -318,7 +318,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 1, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.date).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort(); expect(hits).to.eql(['2020-10-04T05:08:53.000Z']); }); @@ -341,7 +341,7 @@ export default ({ getService }: FtrProviderContext) => { ]); await waitForRuleSuccessOrStatus(supertest, id); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.date).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort(); expect(hits).to.eql([]); }); }); @@ -361,7 +361,7 @@ export default ({ getService }: FtrProviderContext) => { ]); await waitForRuleSuccessOrStatus(supertest, id); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.date).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort(); expect(hits).to.eql([]); }); @@ -380,7 +380,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 2, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.date).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort(); expect(hits).to.eql(['2020-10-01T05:08:53.000Z', '2020-10-04T05:08:53.000Z']); }); }); 
@@ -399,7 +399,7 @@ export default ({ getService }: FtrProviderContext) => { ]); await waitForRuleSuccessOrStatus(supertest, id); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.date).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort(); expect(hits).to.eql([]); }); }); @@ -419,7 +419,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 4, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.date).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort(); expect(hits).to.eql([ '2020-10-01T05:08:53.000Z', '2020-10-02T05:08:53.000Z', @@ -449,7 +449,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 3, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.date).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort(); expect(hits).to.eql([ '2020-10-02T05:08:53.000Z', '2020-10-03T05:08:53.000Z', @@ -481,7 +481,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 2, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.date).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort(); expect(hits).to.eql(['2020-10-02T05:08:53.000Z', '2020-10-04T05:08:53.000Z']); }); 
@@ -513,7 +513,7 @@ export default ({ getService }: FtrProviderContext) => { ]); await waitForRuleSuccessOrStatus(supertest, id); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.date).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort(); expect(hits).to.eql([]); }); }); @@ -538,7 +538,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 1, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.date).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort(); expect(hits).to.eql(['2020-10-01T05:08:53.000Z']); }); @@ -566,7 +566,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 2, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.date).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort(); expect(hits).to.eql(['2020-10-01T05:08:53.000Z', '2020-10-03T05:08:53.000Z']); }); @@ -599,7 +599,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 4, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.date).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.date).sort(); expect(hits).to.eql([ '2020-10-01T05:08:53.000Z', '2020-10-02T05:08:53.000Z', 
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/exception_operators_data_types/double.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/exception_operators_data_types/double.ts index 0ae52b86e3d77..152fd46fdf6a2 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/exception_operators_data_types/double.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/exception_operators_data_types/double.ts @@ -58,7 +58,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 4, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.double).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort(); expect(hits).to.eql(['1.0', '1.1', '1.2', '1.3']); }); @@ -77,7 +77,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 3, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.double).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort(); expect(hits).to.eql(['1.1', '1.2', '1.3']); }); @@ -104,7 +104,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 2, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.double).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort(); expect(hits).to.eql(['1.2', '1.3']); }); 
@@ -139,7 +139,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 1, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.double).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort(); expect(hits).to.eql(['1.3']); }); @@ -181,7 +181,7 @@ export default ({ getService }: FtrProviderContext) => { ]); await waitForRuleSuccessOrStatus(supertest, id); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.double).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort(); expect(hits).to.eql([]); }); }); @@ -201,7 +201,7 @@ export default ({ getService }: FtrProviderContext) => { ]); await waitForRuleSuccessOrStatus(supertest, id); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.double).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort(); expect(hits).to.eql([]); }); @@ -220,7 +220,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 1, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.double).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort(); expect(hits).to.eql(['1.0']); }); @@ -246,7 +246,7 @@ export default ({ getService }: FtrProviderContext) => { ]); await waitForRuleSuccessOrStatus(supertest, id); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.double).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort(); expect(hits).to.eql([]); }); }); 
@@ -267,7 +267,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 3, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.double).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort(); expect(hits).to.eql(['1.1', '1.2', '1.3']); }); @@ -286,7 +286,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 2, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.double).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort(); expect(hits).to.eql(['1.2', '1.3']); }); @@ -305,7 +305,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 1, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.double).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort(); expect(hits).to.eql(['1.3']); }); @@ -323,7 +323,7 @@ export default ({ getService }: FtrProviderContext) => { ]); await waitForRuleSuccessOrStatus(supertest, id); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.double).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort(); expect(hits).to.eql([]); }); }); 
@@ -343,7 +343,7 @@ export default ({ getService }: FtrProviderContext) => { ]); await waitForRuleSuccessOrStatus(supertest, id); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.double).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort(); expect(hits).to.eql([]); }); @@ -362,7 +362,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 2, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.double).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort(); expect(hits).to.eql(['1.0', '1.3']); }); }); @@ -381,7 +381,7 @@ export default ({ getService }: FtrProviderContext) => { ]); await waitForRuleSuccessOrStatus(supertest, id); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.double).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort(); expect(hits).to.eql([]); }); }); @@ -401,7 +401,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 4, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.double).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort(); expect(hits).to.eql(['1.0', '1.1', '1.2', '1.3']); }); }); 
@@ -427,7 +427,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 3, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.double).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort(); expect(hits).to.eql(['1.1', '1.2', '1.3']); }); @@ -450,7 +450,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 2, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.double).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort(); expect(hits).to.eql(['1.1', '1.3']); }); @@ -472,7 +472,7 @@ export default ({ getService }: FtrProviderContext) => { ]); await waitForRuleSuccessOrStatus(supertest, id); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.double).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort(); expect(hits).to.eql([]); }); }); @@ -497,7 +497,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 1, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.double).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort(); expect(hits).to.eql(['1.1', '1.2', '1.3']); }); 
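Review bot: In double.ts the `@@ -497,7 +497,7 @@` hunk waits with `waitForSignalsToBePresent(supertest, 1, [id])` but then expects three values, `['1.1', '1.2', '1.3']`, whereas the other hunks in this file wait for the same number of signals they assert on. If the helper returns as soon as the given count is reached (its implementation is not visible here), the test can read the signals before all three exist and fail intermittently. `await waitForSignalsToBePresent(supertest, 3, [id]);` would match the expectation. This line is unchanged context, so the commit did not introduce it.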
@@ -520,7 +520,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 2, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.double).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort(); expect(hits).to.eql(['1.1', '1.3']); }); @@ -542,7 +542,7 @@ export default ({ getService }: FtrProviderContext) => { ]); await waitForRuleSuccessOrStatus(supertest, id); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.double).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort(); expect(hits).to.eql([]); }); @@ -568,7 +568,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 1, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.double).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort(); expect(hits).to.eql(['1.3']); }); }); @@ -595,7 +595,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 1, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.double).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort(); expect(hits).to.eql(['1.0']); }); 
@@ -618,7 +618,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 2, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.double).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort(); expect(hits).to.eql(['1.0', '1.2']); }); @@ -641,7 +641,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 4, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.double).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort(); expect(hits).to.eql(['1.0', '1.1', '1.2', '1.3']); }); }); @@ -666,7 +666,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 1, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.double).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort(); expect(hits).to.eql(['1.0']); }); @@ -689,7 +689,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 2, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.double).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort(); expect(hits).to.eql(['1.0', '1.2']); }); 
@@ -712,7 +712,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 4, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.double).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort(); expect(hits).to.eql(['1.0', '1.1', '1.2', '1.3']); }); @@ -738,7 +738,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 3, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.double).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.double).sort(); expect(hits).to.eql(['1.0', '1.1', '1.2']); }); }); diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/exception_operators_data_types/float.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/exception_operators_data_types/float.ts index 7d5d8a215a982..d3b93cbab1124 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/exception_operators_data_types/float.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/exception_operators_data_types/float.ts @@ -56,7 +56,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 4, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.float).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort(); expect(hits).to.eql(['1.0', '1.1', '1.2', '1.3']); }); 
@@ -75,7 +75,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 3, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.float).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
 expect(hits).to.eql(['1.1', '1.2', '1.3']);
 });
@@ -102,7 +102,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 2, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.float).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
 expect(hits).to.eql(['1.2', '1.3']);
 });
@@ -137,7 +137,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 1, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.float).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
 expect(hits).to.eql(['1.3']);
 });
@@ -179,7 +179,7 @@ export default ({ getService }: FtrProviderContext) => {
 ]);
 await waitForRuleSuccessOrStatus(supertest, id);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.float).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
 expect(hits).to.eql([]);
 });
 });
@@ -199,7 +199,7 @@ export default ({ getService }: FtrProviderContext) => {
 ]);
 await waitForRuleSuccessOrStatus(supertest, id);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.float).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
 expect(hits).to.eql([]);
 });
@@ -218,7 +218,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 1, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.float).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
 expect(hits).to.eql(['1.0']);
 });
@@ -244,7 +244,7 @@ export default ({ getService }: FtrProviderContext) => {
 ]);
 await waitForRuleSuccessOrStatus(supertest, id);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.float).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
 expect(hits).to.eql([]);
 });
 });
@@ -265,7 +265,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 3, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.float).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
 expect(hits).to.eql(['1.1', '1.2', '1.3']);
 });
@@ -284,7 +284,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 2, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.float).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
 expect(hits).to.eql(['1.2', '1.3']);
 });
@@ -303,7 +303,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 1, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.float).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
 expect(hits).to.eql(['1.3']);
 });
@@ -321,7 +321,7 @@ export default ({ getService }: FtrProviderContext) => {
 ]);
 await waitForRuleSuccessOrStatus(supertest, id);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.float).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
 expect(hits).to.eql([]);
 });
 });
@@ -341,7 +341,7 @@ export default ({ getService }: FtrProviderContext) => {
 ]);
 await waitForRuleSuccessOrStatus(supertest, id);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.float).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
 expect(hits).to.eql([]);
 });
@@ -360,7 +360,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 2, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.float).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
 expect(hits).to.eql(['1.0', '1.3']);
 });
 });
@@ -379,7 +379,7 @@ export default ({ getService }: FtrProviderContext) => {
 ]);
 await waitForRuleSuccessOrStatus(supertest, id);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.float).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
 expect(hits).to.eql([]);
 });
 });
@@ -399,7 +399,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 4, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.float).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
 expect(hits).to.eql(['1.0', '1.1', '1.2', '1.3']);
 });
 });
@@ -425,7 +425,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 3, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.float).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
 expect(hits).to.eql(['1.1', '1.2', '1.3']);
 });
@@ -448,7 +448,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 2, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.float).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
 expect(hits).to.eql(['1.1', '1.3']);
 });
@@ -470,7 +470,7 @@ export default ({ getService }: FtrProviderContext) => {
 ]);
 await waitForRuleSuccessOrStatus(supertest, id);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.float).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
 expect(hits).to.eql([]);
 });
 });
@@ -495,7 +495,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 1, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.float).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
 expect(hits).to.eql(['1.1', '1.2', '1.3']);
 });
@@ -518,7 +518,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 2, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.float).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
 expect(hits).to.eql(['1.1', '1.3']);
 });
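Review bot: In float.ts the hunk at `@@ -495,7 +495,7 @@` waits with `waitForSignalsToBePresent(supertest, 1, [id])` but then asserts three values, `['1.1', '1.2', '1.3']`, whereas the sibling test at `@@ -425,7 +425,7 @@` asserts the same three values after waiting for 3. If the helper returns as soon as the requested count is reached (its body is not visible here), the assertion can run before every signal is indexed, which would make this exception-list test timing dependent; consider `await waitForSignalsToBePresent(supertest, 3, [id]);`. The same mismatch appears in integer.ts at `@@ -497,7 +497,7 @@`, which waits for 1 and expects `['2', '3', '4']`. The enclosing test bodies start outside these hunks, so the rule and exception setup could not be checked.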
@@ -540,7 +540,7 @@ export default ({ getService }: FtrProviderContext) => {
 ]);
 await waitForRuleSuccessOrStatus(supertest, id);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.float).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
 expect(hits).to.eql([]);
 });
@@ -563,7 +563,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 1, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.float).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
 expect(hits).to.eql(['1.3']);
 });
 });
@@ -590,7 +590,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 1, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.float).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
 expect(hits).to.eql(['1.0']);
 });
@@ -613,7 +613,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 2, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.float).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
 expect(hits).to.eql(['1.0', '1.2']);
 });
@@ -636,7 +636,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 4, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.float).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
 expect(hits).to.eql(['1.0', '1.1', '1.2', '1.3']);
 });
 });
@@ -661,7 +661,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 1, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.float).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
 expect(hits).to.eql(['1.0']);
 });
@@ -684,7 +684,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 2, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.float).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
 expect(hits).to.eql(['1.0', '1.2']);
 });
@@ -707,7 +707,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 4, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.float).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
 expect(hits).to.eql(['1.0', '1.1', '1.2', '1.3']);
 });
@@ -730,7 +730,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 3, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.float).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.float).sort();
 expect(hits).to.eql(['1.0', '1.1', '1.2']);
 });
 });
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/exception_operators_data_types/integer.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/exception_operators_data_types/integer.ts
index 8d73262147287..6bfaea982a407 100644
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/exception_operators_data_types/integer.ts
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/exception_operators_data_types/integer.ts
@@ -58,7 +58,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 4, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.integer).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
 expect(hits).to.eql(['1', '2', '3', '4']);
 });
@@ -77,7 +77,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 3, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.integer).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
 expect(hits).to.eql(['2', '3', '4']);
 });
@@ -104,7 +104,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 2, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.integer).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
 expect(hits).to.eql(['3', '4']);
 });
@@ -139,7 +139,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 1, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.integer).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
 expect(hits).to.eql(['4']);
 });
@@ -181,7 +181,7 @@ export default ({ getService }: FtrProviderContext) => {
 ]);
 await waitForRuleSuccessOrStatus(supertest, id);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.integer).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
 expect(hits).to.eql([]);
 });
 });
@@ -201,7 +201,7 @@ export default ({ getService }: FtrProviderContext) => {
 ]);
 await waitForRuleSuccessOrStatus(supertest, id);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.integer).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
 expect(hits).to.eql([]);
 });
@@ -220,7 +220,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 1, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.integer).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
 expect(hits).to.eql(['1']);
 });
@@ -246,7 +246,7 @@ export default ({ getService }: FtrProviderContext) => {
 ]);
 await waitForRuleSuccessOrStatus(supertest, id);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.integer).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
 expect(hits).to.eql([]);
 });
 });
@@ -267,7 +267,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 3, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.integer).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
 expect(hits).to.eql(['2', '3', '4']);
 });
@@ -286,7 +286,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 2, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.integer).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
 expect(hits).to.eql(['3', '4']);
 });
@@ -305,7 +305,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 1, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.integer).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
 expect(hits).to.eql(['4']);
 });
@@ -323,7 +323,7 @@ export default ({ getService }: FtrProviderContext) => {
 ]);
 await waitForRuleSuccessOrStatus(supertest, id);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.integer).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
 expect(hits).to.eql([]);
 });
 });
@@ -343,7 +343,7 @@ export default ({ getService }: FtrProviderContext) => {
 ]);
 await waitForRuleSuccessOrStatus(supertest, id);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.integer).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
 expect(hits).to.eql([]);
 });
@@ -362,7 +362,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 2, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.integer).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
 expect(hits).to.eql(['1', '4']);
 });
 });
@@ -381,7 +381,7 @@ export default ({ getService }: FtrProviderContext) => {
 ]);
 await waitForRuleSuccessOrStatus(supertest, id);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.integer).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
 expect(hits).to.eql([]);
 });
 });
@@ -401,7 +401,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 4, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.integer).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
 expect(hits).to.eql(['1', '2', '3', '4']);
 });
 });
@@ -427,7 +427,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 3, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.integer).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
 expect(hits).to.eql(['2', '3', '4']);
 });
@@ -450,7 +450,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 2, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.integer).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
 expect(hits).to.eql(['2', '4']);
 });
@@ -472,7 +472,7 @@ export default ({ getService }: FtrProviderContext) => {
 ]);
 await waitForRuleSuccessOrStatus(supertest, id);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.integer).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
 expect(hits).to.eql([]);
 });
 });
@@ -497,7 +497,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 1, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.integer).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
 expect(hits).to.eql(['2', '3', '4']);
 });
@@ -520,7 +520,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 2, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.integer).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
 expect(hits).to.eql(['2', '4']);
 });
@@ -542,7 +542,7 @@ export default ({ getService }: FtrProviderContext) => {
 ]);
 await waitForRuleSuccessOrStatus(supertest, id);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.integer).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
 expect(hits).to.eql([]);
 });
@@ -565,7 +565,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 1, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.integer).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
 expect(hits).to.eql(['4']);
 });
 });
@@ -592,7 +592,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 1, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.integer).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
 expect(hits).to.eql(['1']);
 });
@@ -615,7 +615,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 2, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.integer).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
 expect(hits).to.eql(['1', '3']);
 });
@@ -638,7 +638,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 4, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.integer).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
 expect(hits).to.eql(['1', '2', '3', '4']);
 });
 });
@@ -663,7 +663,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 1, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.integer).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
 expect(hits).to.eql(['1']);
 });
@@ -686,7 +686,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 2, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.integer).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
 expect(hits).to.eql(['1', '3']);
 });
@@ -709,7 +709,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 4, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.integer).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
 expect(hits).to.eql(['1', '2', '3', '4']);
 });
@@ -732,7 +732,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 3, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.integer).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.integer).sort();
 expect(hits).to.eql(['1', '2', '3']);
 });
 });
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/exception_operators_data_types/ip.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/exception_operators_data_types/ip.ts
index 9acbe0da6f27c..cf7b072a5e049 100644
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/exception_operators_data_types/ip.ts
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/exception_operators_data_types/ip.ts
@@ -54,7 +54,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 4, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
+ const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
 expect(ips).to.eql(['127.0.0.1', '127.0.0.2', '127.0.0.3', '127.0.0.4']);
 });
@@ -73,7 +73,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 3, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
+ const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
 expect(ips).to.eql(['127.0.0.2', '127.0.0.3', '127.0.0.4']);
 });
@@ -100,7 +100,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 2, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
+ const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
 expect(ips).to.eql(['127.0.0.3', '127.0.0.4']);
 });
@@ -135,7 +135,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 1, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
+ const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
 expect(ips).to.eql(['127.0.0.4']);
 });
@@ -177,7 +177,7 @@ export default ({ getService }: FtrProviderContext) => {
 ]);
 await waitForRuleSuccessOrStatus(supertest, id);
 const signalsOpen = await getSignalsById(supertest, id);
- const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
+ const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
 expect(ips).to.eql([]);
 });
@@ -196,7 +196,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 1, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
+ const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
 expect(ips).to.eql(['127.0.0.4']);
 });
 });
@@ -216,7 +216,7 @@ export default ({ getService }: FtrProviderContext) => {
 ]);
 await waitForRuleSuccessOrStatus(supertest, id);
 const signalsOpen = await getSignalsById(supertest, id);
- const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
+ const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
 expect(ips).to.eql([]);
 });
@@ -235,7 +235,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 1, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
+ const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
 expect(ips).to.eql(['127.0.0.1']);
 });
@@ -261,7 +261,7 @@ export default ({ getService }: FtrProviderContext) => {
 ]);
 await waitForRuleSuccessOrStatus(supertest, id);
 const signalsOpen = await getSignalsById(supertest, id);
- const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
+ const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
 expect(ips).to.eql([]);
 });
 });
@@ -282,7 +282,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 3, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
+ const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
 expect(ips).to.eql(['127.0.0.2', '127.0.0.3', '127.0.0.4']);
 });
@@ -301,7 +301,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 2, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
+ const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
 expect(ips).to.eql(['127.0.0.3', '127.0.0.4']);
 });
@@ -320,7 +320,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 1, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
+ const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
 expect(ips).to.eql(['127.0.0.4']);
 });
@@ -338,7 +338,7 @@ export default ({ getService }: FtrProviderContext) => {
 ]);
 await waitForRuleSuccessOrStatus(supertest, id);
 const signalsOpen = await getSignalsById(supertest, id);
- const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
+ const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
 expect(ips).to.eql([]);
 });
 });
@@ -358,7 +358,7 @@ export default ({ getService }: FtrProviderContext) => {
 ]);
 await waitForRuleSuccessOrStatus(supertest, id);
 const signalsOpen = await getSignalsById(supertest, id);
- const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
+ const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
 expect(ips).to.eql([]);
 });
@@ -377,7 +377,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 2, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
+ const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
 expect(ips).to.eql(['127.0.0.1', '127.0.0.4']);
 });
 });
@@ -396,7 +396,7 @@ export default ({ getService }: FtrProviderContext) => {
 ]);
 await waitForRuleSuccessOrStatus(supertest, id);
 const signalsOpen = await getSignalsById(supertest, id);
- const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
+ const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
 expect(ips).to.eql([]);
 });
 });
@@ -416,7 +416,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 4, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort();
+ const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort();
 expect(ips).to.eql(['127.0.0.1', '127.0.0.2', '127.0.0.3', '127.0.0.4']);
 });
 });
@@ -441,7 +441,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 3, [id]); const signalsOpen = await getSignalsById(supertest, id); - const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort(); + const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort(); expect(ips).to.eql(['127.0.0.2', '127.0.0.3', '127.0.0.4']); }); @@ -464,7 +464,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 2, [id]); const signalsOpen = await getSignalsById(supertest, id); - const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort(); + const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort(); expect(ips).to.eql(['127.0.0.2', '127.0.0.4']); }); @@ -491,7 +491,7 @@ export default ({ getService }: FtrProviderContext) => { ]); await waitForRuleSuccessOrStatus(supertest, id); const signalsOpen = await getSignalsById(supertest, id); - const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort(); + const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort(); expect(ips).to.eql([]); }); @@ -518,7 +518,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 1, [id]); const signalsOpen = await getSignalsById(supertest, id); - const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort(); + const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort(); expect(ips).to.eql(['127.0.0.4']); }); 
@@ -545,7 +545,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 1, [id]); const signalsOpen = await getSignalsById(supertest, id); - const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort(); + const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort(); expect(ips).to.eql(['127.0.0.4']); }); @@ -574,7 +574,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 1, [id]); const signalsOpen = await getSignalsById(supertest, id); - const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort(); + const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort(); expect(ips).to.eql(['127.0.0.4']); }); }); @@ -599,7 +599,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 1, [id]); const signalsOpen = await getSignalsById(supertest, id); - const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort(); + const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort(); expect(ips).to.eql(['127.0.0.1']); }); @@ -622,7 +622,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 2, [id]); const signalsOpen = await getSignalsById(supertest, id); - const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort(); + const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort(); expect(ips).to.eql(['127.0.0.1', '127.0.0.3']); }); 
@@ -650,7 +650,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 4, [id]); const signalsOpen = await getSignalsById(supertest, id); - const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort(); + const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort(); expect(ips).to.eql(['127.0.0.1', '127.0.0.2', '127.0.0.3', '127.0.0.4']); }); @@ -677,7 +677,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 3, [id]); const signalsOpen = await getSignalsById(supertest, id); - const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort(); + const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort(); expect(ips).to.eql(['127.0.0.1', '127.0.0.2', '127.0.0.3']); }); @@ -704,7 +704,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 3, [id]); const signalsOpen = await getSignalsById(supertest, id); - const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort(); + const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort(); expect(ips).to.eql(['127.0.0.1', '127.0.0.2', '127.0.0.3']); }); }); diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/exception_operators_data_types/ip_array.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/exception_operators_data_types/ip_array.ts index 16b3ab2958c9f..1b05106ac3d31 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/exception_operators_data_types/ip_array.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/exception_operators_data_types/ip_array.ts 
@@ -54,7 +54,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 4, [id]); const signalsOpen = await getSignalsById(supertest, id); - const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort(); + const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort(); expect(ips).to.eql([ [], ['127.0.0.1', '127.0.0.2', '127.0.0.3', '127.0.0.4'], @@ -78,7 +78,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 3, [id]); const signalsOpen = await getSignalsById(supertest, id); - const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort(); + const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort(); expect(ips).to.eql([ [], ['127.0.0.5', null, '127.0.0.6', '127.0.0.7'], @@ -109,7 +109,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 2, [id]); const signalsOpen = await getSignalsById(supertest, id); - const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort(); + const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort(); expect(ips).to.eql([[], ['127.0.0.8', '127.0.0.9', '127.0.0.10']]); }); @@ -144,7 +144,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 1, [id]); const signalsOpen = await getSignalsById(supertest, id); - const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort(); + const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort(); expect(ips).to.eql([[]]); }); 
@@ -163,7 +163,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 1, [id]); const signalsOpen = await getSignalsById(supertest, id); - const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort(); + const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort(); expect(ips).to.eql([ [], ['127.0.0.5', null, '127.0.0.6', '127.0.0.7'], @@ -186,7 +186,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 1, [id]); const signalsOpen = await getSignalsById(supertest, id); - const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort(); + const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort(); expect(ips).to.eql([[], ['127.0.0.8', '127.0.0.9', '127.0.0.10']]); }); }); @@ -206,7 +206,7 @@ export default ({ getService }: FtrProviderContext) => { ]); await waitForRuleSuccessOrStatus(supertest, id); const signalsOpen = await getSignalsById(supertest, id); - const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort(); + const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort(); expect(ips).to.eql([]); }); @@ -225,7 +225,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 1, [id]); const signalsOpen = await getSignalsById(supertest, id); - const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort(); + const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort(); expect(ips).to.eql([['127.0.0.1', '127.0.0.2', '127.0.0.3', '127.0.0.4']]); }); 
@@ -250,7 +250,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 1, [id]); const signalsOpen = await getSignalsById(supertest, id); - const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort(); + const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort(); expect(ips).to.eql([['127.0.0.1', '127.0.0.2', '127.0.0.3', '127.0.0.4']]); }); @@ -276,7 +276,7 @@ export default ({ getService }: FtrProviderContext) => { ]); await waitForRuleSuccessOrStatus(supertest, id); const signalsOpen = await getSignalsById(supertest, id); - const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort(); + const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort(); expect(ips).to.eql([]); }); }); @@ -297,7 +297,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 3, [id]); const signalsOpen = await getSignalsById(supertest, id); - const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort(); + const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort(); expect(ips).to.eql([ [], ['127.0.0.5', null, '127.0.0.6', '127.0.0.7'], @@ -320,7 +320,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 2, [id]); const signalsOpen = await getSignalsById(supertest, id); - const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort(); + const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort(); expect(ips).to.eql([[], ['127.0.0.8', '127.0.0.9', '127.0.0.10']]); }); 
@@ -339,7 +339,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 1, [id]); const signalsOpen = await getSignalsById(supertest, id); - const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort(); + const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort(); expect(ips).to.eql([[]]); }); }); @@ -359,7 +359,7 @@ export default ({ getService }: FtrProviderContext) => { ]); await waitForRuleSuccessOrStatus(supertest, id); const signalsOpen = await getSignalsById(supertest, id); - const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort(); + const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort(); expect(ips).to.eql([]); }); @@ -378,7 +378,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 2, [id]); const signalsOpen = await getSignalsById(supertest, id); - const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort(); + const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort(); expect(ips).to.eql([ ['127.0.0.1', '127.0.0.2', '127.0.0.3', '127.0.0.4'], ['127.0.0.5', null, '127.0.0.6', '127.0.0.7'], @@ -400,7 +400,7 @@ export default ({ getService }: FtrProviderContext) => { ]); await waitForRuleSuccessOrStatus(supertest, id); const signalsOpen = await getSignalsById(supertest, id); - const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort(); + const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort(); expect(ips).to.eql([[]]); }); }); 
@@ -420,7 +420,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 3, [id]); const signalsOpen = await getSignalsById(supertest, id); - const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort(); + const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort(); expect(ips).to.eql([ ['127.0.0.1', '127.0.0.2', '127.0.0.3', '127.0.0.4'], ['127.0.0.5', null, '127.0.0.6', '127.0.0.7'], @@ -449,7 +449,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 3, [id]); const signalsOpen = await getSignalsById(supertest, id); - const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort(); + const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort(); expect(ips).to.eql([ [], ['127.0.0.5', null, '127.0.0.6', '127.0.0.7'], @@ -476,7 +476,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 2, [id]); const signalsOpen = await getSignalsById(supertest, id); - const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort(); + const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort(); expect(ips).to.eql([[], ['127.0.0.8', '127.0.0.9', '127.0.0.10']]); }); @@ -503,7 +503,7 @@ export default ({ getService }: FtrProviderContext) => { ]); await waitForRuleSuccessOrStatus(supertest, id); const signalsOpen = await getSignalsById(supertest, id); - const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort(); + const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort(); expect(ips).to.eql([[]]); }); 
@@ -540,7 +540,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 1, [id]); const signalsOpen = await getSignalsById(supertest, id); - const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort(); + const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort(); expect(ips).to.eql([[], ['127.0.0.8', '127.0.0.9', '127.0.0.10']]); }); @@ -571,7 +571,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 1, [id]); const signalsOpen = await getSignalsById(supertest, id); - const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort(); + const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort(); expect(ips).to.eql([[], ['127.0.0.8', '127.0.0.9', '127.0.0.10']]); }); }); @@ -596,7 +596,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 1, [id]); const signalsOpen = await getSignalsById(supertest, id); - const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort(); + const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort(); expect(ips).to.eql([['127.0.0.1', '127.0.0.2', '127.0.0.3', '127.0.0.4']]); }); @@ -619,7 +619,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 2, [id]); const signalsOpen = await getSignalsById(supertest, id); - const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort(); + const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort(); expect(ips).to.eql([ ['127.0.0.1', '127.0.0.2', '127.0.0.3', '127.0.0.4'], ['127.0.0.5', null, '127.0.0.6', '127.0.0.7'], 
@@ -650,7 +650,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 3, [id]); const signalsOpen = await getSignalsById(supertest, id); - const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort(); + const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort(); expect(ips).to.eql([ ['127.0.0.1', '127.0.0.2', '127.0.0.3', '127.0.0.4'], ['127.0.0.5', null, '127.0.0.6', '127.0.0.7'], @@ -691,7 +691,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 2, [id]); const signalsOpen = await getSignalsById(supertest, id); - const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort(); + const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort(); expect(ips).to.eql([ ['127.0.0.1', '127.0.0.2', '127.0.0.3', '127.0.0.4'], ['127.0.0.5', null, '127.0.0.6', '127.0.0.7'], @@ -725,7 +725,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 2, [id]); const signalsOpen = await getSignalsById(supertest, id); - const ips = signalsOpen.hits.hits.map((hit) => hit._source.ip).sort(); + const ips = signalsOpen.hits.hits.map((hit) => hit._source?.ip).sort(); expect(ips).to.eql([ ['127.0.0.1', '127.0.0.2', '127.0.0.3', '127.0.0.4'], ['127.0.0.5', null, '127.0.0.6', '127.0.0.7'], diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/exception_operators_data_types/keyword.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/exception_operators_data_types/keyword.ts index 29fbd2423956f..73ae9cc191e9f 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/exception_operators_data_types/keyword.ts 
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/exception_operators_data_types/keyword.ts @@ -54,7 +54,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 4, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort(); expect(hits).to.eql(['word four', 'word one', 'word three', 'word two']); }); @@ -73,7 +73,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 3, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort(); expect(hits).to.eql(['word four', 'word three', 'word two']); }); @@ -100,7 +100,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 2, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort(); expect(hits).to.eql(['word four', 'word three']); }); @@ -135,7 +135,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 1, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort(); expect(hits).to.eql(['word four']); }); 
@@ -177,7 +177,7 @@ export default ({ getService }: FtrProviderContext) => { ]); await waitForRuleSuccessOrStatus(supertest, id); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort(); expect(hits).to.eql([]); }); }); @@ -197,7 +197,7 @@ export default ({ getService }: FtrProviderContext) => { ]); await waitForRuleSuccessOrStatus(supertest, id); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort(); expect(hits).to.eql([]); }); @@ -216,7 +216,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 1, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort(); expect(hits).to.eql(['word one']); }); @@ -242,7 +242,7 @@ export default ({ getService }: FtrProviderContext) => { ]); await waitForRuleSuccessOrStatus(supertest, id); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort(); expect(hits).to.eql([]); }); }); 
@@ -263,7 +263,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 3, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort(); expect(hits).to.eql(['word four', 'word three', 'word two']); }); @@ -282,7 +282,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 2, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort(); expect(hits).to.eql(['word four', 'word three']); }); @@ -301,7 +301,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 1, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort(); expect(hits).to.eql(['word four']); }); @@ -319,7 +319,7 @@ export default ({ getService }: FtrProviderContext) => { ]); await waitForRuleSuccessOrStatus(supertest, id); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort(); expect(hits).to.eql([]); }); }); 
@@ -339,7 +339,7 @@ export default ({ getService }: FtrProviderContext) => { ]); await waitForRuleSuccessOrStatus(supertest, id); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort(); expect(hits).to.eql([]); }); @@ -358,7 +358,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 2, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort(); expect(hits).to.eql(['word four', 'word one']); }); }); @@ -377,7 +377,7 @@ export default ({ getService }: FtrProviderContext) => { ]); await waitForRuleSuccessOrStatus(supertest, id); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort(); expect(hits).to.eql([]); }); }); @@ -397,7 +397,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 4, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort(); expect(hits).to.eql(['word four', 'word one', 'word three', 'word two']); }); }); 
@@ -432,7 +432,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 4, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort(); expect(hits).to.eql(['word four', 'word one', 'word three', 'word two']); }); @@ -455,7 +455,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 3, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort(); expect(hits).to.eql(['word four', 'word three', 'word two']); }); @@ -478,7 +478,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 2, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort(); expect(hits).to.eql(['word four', 'word two']); }); @@ -505,7 +505,7 @@ export default ({ getService }: FtrProviderContext) => { ]); await waitForRuleSuccessOrStatus(supertest, id); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort(); expect(hits).to.eql([]); }); }); 
@@ -530,7 +530,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 1, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort(); expect(hits).to.eql(['word one']); }); @@ -553,7 +553,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 2, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort(); expect(hits).to.eql(['word one', 'word three']); }); @@ -581,7 +581,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 4, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort(); expect(hits).to.eql(['word four', 'word one', 'word three', 'word two']); }); }); diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/exception_operators_data_types/keyword_array.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/exception_operators_data_types/keyword_array.ts index f3b49558bb99d..8fff5e3580f13 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/exception_operators_data_types/keyword_array.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/exception_operators_data_types/keyword_array.ts 
@@ -56,7 +56,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 3, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort(); expect(hits).to.eql([ [], ['word eight', 'word nine', 'word ten'], @@ -80,7 +80,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 2, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort(); expect(hits).to.eql([ [], ['word eight', 'word nine', 'word ten'], @@ -111,7 +111,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 2, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort(); expect(hits).to.eql([[], ['word eight', 'word nine', 'word ten']]); }); @@ -146,7 +146,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 1, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort(); expect(hits).to.eql([[]]); }); }); 
@@ -166,7 +166,7 @@ export default ({ getService }: FtrProviderContext) => { ]); await waitForRuleSuccessOrStatus(supertest, id); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort(); expect(hits).to.eql([]); }); @@ -185,7 +185,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 1, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort(); expect(hits).to.eql([['word one', 'word two', 'word three', 'word four']]); }); @@ -211,7 +211,7 @@ export default ({ getService }: FtrProviderContext) => { ]); await waitForRuleSuccessOrStatus(supertest, id); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort(); expect(hits).to.eql([]); }); }); @@ -232,7 +232,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 3, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort(); expect(hits).to.eql([ [], ['word eight', 'word nine', 'word ten'], 
@@ -255,7 +255,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 2, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort(); expect(hits).to.eql([[], ['word eight', 'word nine', 'word ten']]); }); @@ -274,7 +274,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 1, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort(); expect(hits).to.eql([[]]); }); }); @@ -294,7 +294,7 @@ export default ({ getService }: FtrProviderContext) => { ]); await waitForRuleSuccessOrStatus(supertest, id); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort(); expect(hits).to.eql([]); }); @@ -313,7 +313,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 2, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort(); expect(hits).to.eql([ ['word five', null, 'word six', 'word seven'], ['word one', 'word two', 'word three', 'word four'], 
@@ -335,7 +335,7 @@ export default ({ getService }: FtrProviderContext) => {
 ]);
 await waitForRuleSuccessOrStatus(supertest, id);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
 expect(hits).to.eql([[]]);
 });
 });
@@ -355,7 +355,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 3, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
 expect(hits).to.eql([
 ['word eight', 'word nine', 'word ten'],
 ['word five', null, 'word six', 'word seven'],
@@ -394,7 +394,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 3, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
 expect(hits).to.eql([
 [],
 ['word eight', 'word nine', 'word ten'],
@@ -432,7 +432,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 2, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
 expect(hits).to.eql([
 [],
 ['word eight', 'word nine', 'word ten'],
@@ -459,7 +459,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 3, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
 expect(hits).to.eql([
 [],
 ['word eight', 'word nine', 'word ten'],
@@ -486,7 +486,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 2, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
 expect(hits).to.eql([[], ['word eight', 'word nine', 'word ten']]);
 });
@@ -513,7 +513,7 @@ export default ({ getService }: FtrProviderContext) => {
 ]);
 await waitForRuleSuccessOrStatus(supertest, id);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
 expect(hits).to.eql([[]]);
 });
 });
@@ -538,7 +538,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 1, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
 expect(hits).to.eql([['word one', 'word two', 'word three', 'word four']]);
 });
@@ -561,7 +561,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 1, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
 expect(hits).to.eql([['word one', 'word two', 'word three', 'word four']]);
 });
@@ -584,7 +584,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 2, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
 expect(hits).to.eql([
 ['word five', null, 'word six', 'word seven'],
 ['word one', 'word two', 'word three', 'word four'],
@@ -615,7 +615,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 3, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.keyword).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.keyword).sort();
 expect(hits).to.eql([
 ['word eight', 'word nine', 'word ten'],
 ['word five', null, 'word six', 'word seven'],
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/exception_operators_data_types/long.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/exception_operators_data_types/long.ts
index 55896212c2fd8..4af1b426bbfed 100644
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/exception_operators_data_types/long.ts
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/exception_operators_data_types/long.ts
@@ -56,7 +56,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 4, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.long).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
 expect(hits).to.eql(['1', '2', '3', '4']);
 });
@@ -75,7 +75,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 3, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.long).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
 expect(hits).to.eql(['2', '3', '4']);
 });
@@ -102,7 +102,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 2, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.long).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
 expect(hits).to.eql(['3', '4']);
 });
@@ -137,7 +137,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 1, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.long).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
 expect(hits).to.eql(['4']);
 });
@@ -179,7 +179,7 @@ export default ({ getService }: FtrProviderContext) => {
 ]);
 await waitForRuleSuccessOrStatus(supertest, id);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.long).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
 expect(hits).to.eql([]);
 });
 });
@@ -199,7 +199,7 @@ export default ({ getService }: FtrProviderContext) => {
 ]);
 await waitForRuleSuccessOrStatus(supertest, id);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.long).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
 expect(hits).to.eql([]);
 });
@@ -218,7 +218,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 1, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.long).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
 expect(hits).to.eql(['1']);
 });
@@ -244,7 +244,7 @@ export default ({ getService }: FtrProviderContext) => {
 ]);
 await waitForRuleSuccessOrStatus(supertest, id);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.long).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
 expect(hits).to.eql([]);
 });
 });
@@ -265,7 +265,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 3, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.long).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
 expect(hits).to.eql(['2', '3', '4']);
 });
@@ -284,7 +284,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 2, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.long).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
 expect(hits).to.eql(['3', '4']);
 });
@@ -303,7 +303,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 1, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.long).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
 expect(hits).to.eql(['4']);
 });
@@ -321,7 +321,7 @@ export default ({ getService }: FtrProviderContext) => {
 ]);
 await waitForRuleSuccessOrStatus(supertest, id);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.long).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
 expect(hits).to.eql([]);
 });
 });
@@ -341,7 +341,7 @@ export default ({ getService }: FtrProviderContext) => {
 ]);
 await waitForRuleSuccessOrStatus(supertest, id);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.long).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
 expect(hits).to.eql([]);
 });
@@ -360,7 +360,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 2, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.long).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
 expect(hits).to.eql(['1', '4']);
 });
 });
@@ -379,7 +379,7 @@ export default ({ getService }: FtrProviderContext) => {
 ]);
 await waitForRuleSuccessOrStatus(supertest, id);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.long).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
 expect(hits).to.eql([]);
 });
 });
@@ -399,7 +399,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 4, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.long).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
 expect(hits).to.eql(['1', '2', '3', '4']);
 });
 });
@@ -425,7 +425,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 3, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.long).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
 expect(hits).to.eql(['2', '3', '4']);
 });
@@ -448,7 +448,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 2, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.long).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
 expect(hits).to.eql(['2', '4']);
 });
@@ -470,7 +470,7 @@ export default ({ getService }: FtrProviderContext) => {
 ]);
 await waitForRuleSuccessOrStatus(supertest, id);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.long).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
 expect(hits).to.eql([]);
 });
 });
@@ -495,7 +495,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 1, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.long).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
 expect(hits).to.eql(['2', '3', '4']);
 });
@@ -518,7 +518,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 2, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.long).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
 expect(hits).to.eql(['2', '4']);
 });
@@ -540,7 +540,7 @@ export default ({ getService }: FtrProviderContext) => {
 ]);
 await waitForRuleSuccessOrStatus(supertest, id);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.long).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
 expect(hits).to.eql([]);
 });
@@ -563,7 +563,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 1, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.long).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
 expect(hits).to.eql(['4']);
 });
 });
@@ -590,7 +590,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 1, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.long).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
 expect(hits).to.eql(['1']);
 });
@@ -613,7 +613,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 2, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.long).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
 expect(hits).to.eql(['1', '3']);
 });
@@ -636,7 +636,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 4, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.long).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
 expect(hits).to.eql(['1', '2', '3', '4']);
 });
 });
@@ -661,7 +661,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 1, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.long).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
 expect(hits).to.eql(['1']);
 });
@@ -684,7 +684,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 2, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.long).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
 expect(hits).to.eql(['1', '3']);
 });
@@ -707,7 +707,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 4, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.long).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
 expect(hits).to.eql(['1', '2', '3', '4']);
 });
@@ -730,7 +730,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 3, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.long).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.long).sort();
 expect(hits).to.eql(['1', '2', '3']);
 });
 });
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/exception_operators_data_types/text.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/exception_operators_data_types/text.ts
index 046d4100b1ee4..d22006bde2354 100644
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/exception_operators_data_types/text.ts
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/exception_operators_data_types/text.ts
@@ -57,7 +57,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 4, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
 expect(hits).to.eql(['word four', 'word one', 'word three', 'word two']);
 });
@@ -76,7 +76,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 3, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
 expect(hits).to.eql(['word four', 'word three', 'word two']);
 });
@@ -103,7 +103,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 2, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
 expect(hits).to.eql(['word four', 'word three']);
 });
@@ -138,7 +138,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 1, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
 expect(hits).to.eql(['word four']);
 });
@@ -180,7 +180,7 @@ export default ({ getService }: FtrProviderContext) => {
 ]);
 await waitForRuleSuccessOrStatus(supertest, id);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
 expect(hits).to.eql([]);
 });
@@ -199,7 +199,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 3, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
 expect(hits).to.eql(['word four', 'word three', 'word two']);
 });
@@ -217,7 +217,7 @@ export default ({ getService }: FtrProviderContext) => {
 ]);
 await waitForRuleSuccessOrStatus(supertest, id);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
 expect(hits).to.eql([]);
 });
@@ -236,7 +236,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 1, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
 expect(hits).to.eql(['word four', 'word three', 'word two']);
 });
 });
@@ -256,7 +256,7 @@ export default ({ getService }: FtrProviderContext) => {
 ]);
 await waitForRuleSuccessOrStatus(supertest, id);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
 expect(hits).to.eql([]);
 });
@@ -275,7 +275,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 1, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
 expect(hits).to.eql(['word one']);
 });
@@ -301,7 +301,7 @@ export default ({ getService }: FtrProviderContext) => {
 ]);
 await waitForRuleSuccessOrStatus(supertest, id);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
 expect(hits).to.eql([]);
 });
@@ -320,7 +320,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 1, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
 expect(hits).to.eql(['word one']);
 });
@@ -338,7 +338,7 @@ export default ({ getService }: FtrProviderContext) => {
 ]);
 await waitForRuleSuccessOrStatus(supertest, id);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
 expect(hits).to.eql(['word four', 'word one', 'word three', 'word two']);
 });
@@ -357,7 +357,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 1, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
 expect(hits).to.eql(['word one']);
 });
 });
@@ -378,7 +378,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 3, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
 expect(hits).to.eql(['word four', 'word three', 'word two']);
 });
@@ -397,7 +397,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 2, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
 expect(hits).to.eql(['word four', 'word three']);
 });
@@ -416,7 +416,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 1, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
 expect(hits).to.eql(['word four']);
 });
@@ -434,7 +434,7 @@ export default ({ getService }: FtrProviderContext) => {
 ]);
 await waitForRuleSuccessOrStatus(supertest, id);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
 expect(hits).to.eql([]);
 });
 });
@@ -454,7 +454,7 @@ export default ({ getService }: FtrProviderContext) => {
 ]);
 await waitForRuleSuccessOrStatus(supertest, id);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
 expect(hits).to.eql([]);
 });
@@ -473,7 +473,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 2, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
 expect(hits).to.eql(['word four', 'word one']);
 });
 });
@@ -492,7 +492,7 @@ export default ({ getService }: FtrProviderContext) => {
 ]);
 await waitForRuleSuccessOrStatus(supertest, id);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
 expect(hits).to.eql([]);
 });
 });
@@ -512,7 +512,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 4, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
 expect(hits).to.eql(['word four', 'word one', 'word three', 'word two']);
 });
 });
@@ -538,7 +538,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 3, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
 expect(hits).to.eql(['four', 'three', 'two']);
 });
@@ -561,7 +561,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 2, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
 expect(hits).to.eql(['four', 'two']);
 });
@@ -588,7 +588,7 @@ export default ({ getService }: FtrProviderContext) => {
 ]);
 await waitForRuleSuccessOrStatus(supertest, id);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
 expect(hits).to.eql([]);
 });
 });
@@ -613,7 +613,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 1, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
 expect(hits).to.eql(['word four', 'word three', 'word two']);
 });
@@ -641,7 +641,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 1, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
 expect(hits).to.eql(['word four', 'word three', 'word two']);
 });
@@ -664,7 +664,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 1, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
 expect(hits).to.eql(['word four', 'word two']);
 });
@@ -691,7 +691,7 @@ export default ({ getService }: FtrProviderContext) => {
 ]);
 await waitForRuleSuccessOrStatus(supertest, id);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
 expect(hits).to.eql([]);
 });
 });
@@ -718,7 +718,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 1, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
 expect(hits).to.eql(['one']);
 });
@@ -741,7 +741,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 2, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
 expect(hits).to.eql(['one', 'three']);
 });
@@ -769,7 +769,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 4, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
 expect(hits).to.eql(['four', 'one', 'three', 'two']);
 });
 });
@@ -794,7 +794,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 1, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
 expect(hits).to.eql(['word one']);
 });
@@ -822,7 +822,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 1, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
 expect(hits).to.eql(['word one']);
 });
@@ -845,7 +845,7 @@ export default ({ getService }: FtrProviderContext) => {
 await waitForRuleSuccessOrStatus(supertest, id);
 await waitForSignalsToBePresent(supertest, 1, [id]);
 const signalsOpen = await getSignalsById(supertest, id);
- const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort();
+ const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort();
 expect(hits).to.eql(['word one', 'word three']);
 });
@@ -873,7 +873,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 1, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort(); expect(hits).to.eql(['word four', 'word one', 'word three', 'word two']); }); }); diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/exception_operators_data_types/text_array.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/exception_operators_data_types/text_array.ts index 377019e4e40e6..6512db22c2eb3 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/exception_operators_data_types/text_array.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/exception_operators_data_types/text_array.ts @@ -54,7 +54,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 3, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort(); expect(hits).to.eql([ [], ['word eight', 'word nine', 'word ten'], @@ -78,7 +78,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 2, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort(); expect(hits).to.eql([ [], ['word eight', 'word nine', 'word ten'], 
@@ -109,7 +109,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 2, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort(); expect(hits).to.eql([[], ['word eight', 'word nine', 'word ten']]); }); @@ -144,7 +144,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 1, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort(); expect(hits).to.eql([[]]); }); }); @@ -164,7 +164,7 @@ export default ({ getService }: FtrProviderContext) => { ]); await waitForRuleSuccessOrStatus(supertest, id); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort(); expect(hits).to.eql([]); }); @@ -183,7 +183,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 1, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort(); expect(hits).to.eql([['word one', 'word two', 'word three', 'word four']]); }); 
@@ -209,7 +209,7 @@ export default ({ getService }: FtrProviderContext) => { ]); await waitForRuleSuccessOrStatus(supertest, id); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort(); expect(hits).to.eql([]); }); }); @@ -230,7 +230,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 3, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort(); expect(hits).to.eql([ [], ['word eight', 'word nine', 'word ten'], @@ -253,7 +253,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 2, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort(); expect(hits).to.eql([[], ['word eight', 'word nine', 'word ten']]); }); @@ -272,7 +272,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 1, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort(); expect(hits).to.eql([[]]); }); }); 
@@ -292,7 +292,7 @@ export default ({ getService }: FtrProviderContext) => { ]); await waitForRuleSuccessOrStatus(supertest, id); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort(); expect(hits).to.eql([]); }); @@ -311,7 +311,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 2, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort(); expect(hits).to.eql([ ['word five', null, 'word six', 'word seven'], ['word one', 'word two', 'word three', 'word four'], @@ -333,7 +333,7 @@ export default ({ getService }: FtrProviderContext) => { ]); await waitForRuleSuccessOrStatus(supertest, id); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort(); expect(hits).to.eql([[]]); }); }); @@ -353,7 +353,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 3, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort(); expect(hits).to.eql([ ['word eight', 'word nine', 'word ten'], ['word five', null, 'word six', 'word seven'], 
@@ -392,7 +392,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 3, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort(); expect(hits).to.eql([ [], ['word eight', 'word nine', 'word ten'], @@ -430,7 +430,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 2, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort(); expect(hits).to.eql([ [], ['word eight', 'word nine', 'word ten'], @@ -457,7 +457,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 3, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort(); expect(hits).to.eql([ [], ['word eight', 'word nine', 'word ten'], @@ -484,7 +484,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 2, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort(); expect(hits).to.eql([[], ['word eight', 'word nine', 'word ten']]); }); 
@@ -511,7 +511,7 @@ export default ({ getService }: FtrProviderContext) => { ]); await waitForRuleSuccessOrStatus(supertest, id); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort(); expect(hits).to.eql([[]]); }); }); @@ -536,7 +536,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 1, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort(); expect(hits).to.eql([['word one', 'word two', 'word three', 'word four']]); }); @@ -559,7 +559,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 1, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort(); expect(hits).to.eql([['word one', 'word two', 'word three', 'word four']]); }); @@ -582,7 +582,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 2, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort(); expect(hits).to.eql([ ['word five', null, 'word six', 'word seven'], ['word one', 'word two', 'word three', 'word four'], 
@@ -608,7 +608,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 3, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.text).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.text).sort(); expect(hits).to.eql([ ['word eight', 'word nine', 'word ten'], ['word five', null, 'word six', 'word seven'], diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/generating_signals.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/generating_signals.ts index 4972b485be06c..66c94a7317b72 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/generating_signals.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/generating_signals.ts @@ -6,7 +6,7 @@ */ import expect from '@kbn/expect'; -import { orderBy, get } from 'lodash'; +import { orderBy, get, omit } from 'lodash'; import { EqlCreateSchema, @@ -98,7 +98,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 1, [id]); const signalsOpen = await getSignalsByIds(supertest, [id]); - expect(signalsOpen.hits.hits[0]._source.signal.rule.rule_id).eql(getSimpleRule().rule_id); + expect(signalsOpen.hits.hits[0]._source?.signal.rule.rule_id).eql(getSimpleRule().rule_id); }); it('should query and get back expected signal structure using a basic KQL query', async () => { 
@@ -110,8 +110,10 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 1, [id]); const signalsOpen = await getSignalsByIds(supertest, [id]); + const signal = signalsOpen.hits.hits[0]._source?.signal; // remove rule to cut down on touch points for test changes when the rule format changes - const { rule: removedRule, ...signalNoRule } = signalsOpen.hits.hits[0]._source.signal; + const signalNoRule = omit(signal, 'rule'); + expect(signalNoRule).eql({ parents: [ { @@ -161,8 +163,9 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 1, [id]); const signalsOpen = await getSignalsByIds(supertest, [id]); + const signal = signalsOpen.hits.hits[0]._source?.signal; // remove rule to cut down on touch points for test changes when the rule format changes - const { rule: removedRule, ...signalNoRule } = signalsOpen.hits.hits[0]._source.signal; + const signalNoRule = omit(signal, 'rule'); expect(signalNoRule).eql({ parents: [ { @@ -223,8 +226,9 @@ export default ({ getService }: FtrProviderContext) => { // Get our single signal on top of a signal const signalsOpen = await getSignalsByRuleIds(supertest, ['signal-on-signal']); + const signal = signalsOpen.hits.hits[0]._source?.signal; // remove rule to cut down on touch points for test changes when the rule format changes - const { rule: removedRule, ...signalNoRule } = signalsOpen.hits.hits[0]._source.signal; + const signalNoRule = omit(signal, 'rule'); expect(signalNoRule).eql({ parents: [ { 
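Review bot: In the "expected signal structure" hunks, `omit(signal, 'rule')` returns an empty object when `signal` is undefined, so a hit without `_source` fails later as a deep-equality diff against `{}` instead of reporting that the signal was missing. Other tests in this file guard first with `if (!fullSignal) { return expect(fullSignal).to.be.ok(); }`, and the same guard on `signal` before the `omit` call would keep the failure direct and the file consistent. The same applies to the later `omit(signal, 'rule')` hunks in generating_signals.ts. The test bodies continue outside the hunks.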
@@ -284,6 +288,9 @@ export default ({ getService }: FtrProviderContext) => { const signals = await getSignalsByIds(supertest, [id]); expect(signals.hits.hits.length).eql(1); const fullSignal = signals.hits.hits[0]._source; + if (!fullSignal) { + return expect(fullSignal).to.be.ok(); + } expect(fullSignal).eql({ '@timestamp': fullSignal['@timestamp'], @@ -398,7 +405,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForSignalsToBePresent(supertest, 100, [id]); const signals = await getSignalsByIds(supertest, [id], 1000); const filteredSignals = signals.hits.hits.filter( - (signal) => signal._source.signal.depth === 1 + (signal) => signal._source?.signal.depth === 1 ); expect(filteredSignals.length).eql(100); }); @@ -415,6 +422,9 @@ export default ({ getService }: FtrProviderContext) => { const signals = await getSignalsByIds(supertest, [id]); expect(signals.hits.hits.length).eql(1); const fullSignal = signals.hits.hits[0]._source; + if (!fullSignal) { + return expect(fullSignal).to.be.ok(); + } expect(fullSignal).eql({ '@timestamp': fullSignal['@timestamp'], @@ -533,11 +543,14 @@ export default ({ getService }: FtrProviderContext) => { const signals = await getSignalsByIds(supertest, [id]); const buildingBlock = signals.hits.hits.find( (signal) => - signal._source.signal.depth === 1 && + signal._source?.signal.depth === 1 && get(signal._source, 'signal.original_event.category') === 'anomoly' ); expect(buildingBlock).not.eql(undefined); - const fullSignal = buildingBlock!._source; + const fullSignal = buildingBlock?._source; + if (!fullSignal) { + return expect(fullSignal).to.be.ok(); + } expect(fullSignal).eql({ '@timestamp': fullSignal['@timestamp'], 
@@ -694,12 +707,15 @@ export default ({ getService }: FtrProviderContext) => { await waitForSignalsToBePresent(supertest, 3, [id]); const signalsOpen = await getSignalsByIds(supertest, [id]); const sequenceSignal = signalsOpen.hits.hits.find( - (signal) => signal._source.signal.depth === 2 + (signal) => signal._source?.signal.depth === 2 ); - const source = sequenceSignal!._source; - const eventIds = source.signal.parents.map((event) => event.id); + const source = sequenceSignal?._source; + if (!source) { + return expect(source).to.be.ok(); + } + const eventIds = source?.signal.parents.map((event) => event.id); expect(source).eql({ - '@timestamp': source['@timestamp'], + '@timestamp': source && source['@timestamp'], agent: { ephemeral_id: '1b4978a0-48be-49b1-ac96-323425b389ab', hostname: 'zeek-sensor-amsterdam', @@ -798,10 +814,10 @@ export default ({ getService }: FtrProviderContext) => { const signalsOpen = await getSignalsByIds(supertest, [id], 1000); expect(signalsOpen.hits.hits.length).eql(300); const shellSignals = signalsOpen.hits.hits.filter( - (signal) => signal._source.signal.depth === 2 + (signal) => signal._source?.signal.depth === 2 ); const buildingBlocks = signalsOpen.hits.hits.filter( - (signal) => signal._source.signal.depth === 1 + (signal) => signal._source?.signal.depth === 1 ); expect(shellSignals.length).eql(100); expect(buildingBlocks.length).eql(200); @@ -823,6 +839,9 @@ export default ({ getService }: FtrProviderContext) => { const signalsOpen = await getSignalsByIds(supertest, [id]); expect(signalsOpen.hits.hits.length).eql(1); const fullSignal = signalsOpen.hits.hits[0]._source; + if (!fullSignal) { + return expect(fullSignal).to.be.ok(); + } const eventIds = fullSignal.signal.parents.map((event) => event.id); expect(fullSignal).eql({ '@timestamp': fullSignal['@timestamp'], 
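Review bot: In the sequence-signal hunk, the early return `if (!source) { return expect(source).to.be.ok(); }` already narrows `source`, so the `source?.signal.parents` and `'@timestamp': source && source['@timestamp']` that follow it are redundant. After the guard these can be written as `const eventIds = source.signal.parents.map((event) => event.id);` and `'@timestamp': source['@timestamp'],`, which matches the other guarded tests in this file (`fullSignal['@timestamp']`). Keeping the leftover optional forms suggests `source` can still be undefined at that point, which it cannot.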
@@ -957,6 +976,9 @@ export default ({ getService }: FtrProviderContext) => { const signalsOpen = await getOpenSignals(supertest, es, createdRule); expect(signalsOpen.hits.hits.length).eql(1); const fullSignal = signalsOpen.hits.hits[0]._source; + if (!fullSignal) { + return expect(fullSignal).to.be.ok(); + } const eventIds = fullSignal.signal.parents.map((event) => event.id); expect(fullSignal).eql({ '@timestamp': fullSignal['@timestamp'], @@ -1035,6 +1057,9 @@ export default ({ getService }: FtrProviderContext) => { const signalsOpen = await getOpenSignals(supertest, es, createdRule); expect(signalsOpen.hits.hits.length).eql(1); const fullSignal = signalsOpen.hits.hits[0]._source; + if (!fullSignal) { + return expect(fullSignal).to.be.ok(); + } const eventIds = fullSignal.signal.parents.map((event) => event.id); expect(fullSignal).eql({ '@timestamp': fullSignal['@timestamp'], @@ -1132,7 +1157,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 1, [id]); const signalsOpen = await getSignalsByIds(supertest, [id]); - expect(signalsOpen.hits.hits[0]._source.signal.rule.rule_id).eql(getSimpleRule().rule_id); + expect(signalsOpen.hits.hits[0]._source?.signal.rule.rule_id).eql(getSimpleRule().rule_id); }); it('should query and get back expected signal structure using a basic KQL query', async () => { @@ -1144,8 +1169,9 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 1, [id]); const signalsOpen = await getSignalsByIds(supertest, [id]); + const signal = signalsOpen.hits.hits[0]._source?.signal; // remove rule to cut down on touch points for test changes when the rule format changes - const { rule: removedRule, ...signalNoRule } = signalsOpen.hits.hits[0]._source.signal; + const signalNoRule = omit(signal, 'rule'); expect(signalNoRule).eql({ parents: [ { 
@@ -1200,8 +1226,9 @@ export default ({ getService }: FtrProviderContext) => { // Get our single signal on top of a signal const signalsOpen = await getSignalsByRuleIds(supertest, ['signal-on-signal']); + const signal = signalsOpen.hits.hits[0]._source?.signal; // remove rule to cut down on touch points for test changes when the rule format changes - const { rule: removedRule, ...signalNoRule } = signalsOpen.hits.hits[0]._source.signal; + const signalNoRule = omit(signal, 'rule'); expect(signalNoRule).eql({ parents: [ @@ -1284,7 +1311,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 1, [id]); const signalsOpen = await getSignalsByIds(supertest, [id]); - expect(signalsOpen.hits.hits[0]._source.signal.rule.rule_id).eql(getSimpleRule().rule_id); + expect(signalsOpen.hits.hits[0]._source?.signal.rule.rule_id).eql(getSimpleRule().rule_id); }); it('should query and get back expected signal structure using a basic KQL query', async () => { @@ -1296,8 +1323,9 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 1, [id]); const signalsOpen = await getSignalsByIds(supertest, [id]); + const signal = signalsOpen.hits.hits[0]._source?.signal; // remove rule to cut down on touch points for test changes when the rule format changes - const { rule: removedRule, ...signalNoRule } = signalsOpen.hits.hits[0]._source.signal; + const signalNoRule = omit(signal, 'rule'); expect(signalNoRule).eql({ parents: [ { 
@@ -1357,9 +1385,9 @@ export default ({ getService }: FtrProviderContext) => { // Get our single signal on top of a signal const signalsOpen = await getSignalsByRuleIds(supertest, ['signal-on-signal']); - + const signal = signalsOpen.hits.hits[0]._source?.signal; // remove rule to cut down on touch points for test changes when the rule format changes - const { rule: removedRule, ...signalNoRule } = signalsOpen.hits.hits[0]._source.signal; + const signalNoRule = omit(signal, 'rule'); expect(signalNoRule).eql({ parents: [ @@ -1443,11 +1471,11 @@ export default ({ getService }: FtrProviderContext) => { expect(signals.length).equal(4); signals.forEach((s) => { - expect(s.signal.rule.severity).equal('medium'); - expect(s.signal.rule.severity_mapping).eql([]); + expect(s?.signal.rule.severity).equal('medium'); + expect(s?.signal.rule.severity_mapping).eql([]); - expect(s.signal.rule.risk_score).equal(75); - expect(s.signal.rule.risk_score_mapping).eql([]); + expect(s?.signal.rule.risk_score).equal(75); + expect(s?.signal.rule.risk_score_mapping).eql([]); }); }); @@ -1464,8 +1492,8 @@ export default ({ getService }: FtrProviderContext) => { const signals = await executeRuleAndGetSignals(rule); const severities = signals.map((s) => ({ - id: s.signal.parent?.id, - value: s.signal.rule.severity, + id: s?.signal.parent?.id, + value: s?.signal.rule.severity, })); expect(signals.length).equal(4); @@ -1477,9 +1505,9 @@ export default ({ getService }: FtrProviderContext) => { ]); signals.forEach((s) => { - expect(s.signal.rule.risk_score).equal(75); - expect(s.signal.rule.risk_score_mapping).eql([]); - expect(s.signal.rule.severity_mapping).eql([ + expect(s?.signal.rule.risk_score).equal(75); + expect(s?.signal.rule.risk_score_mapping).eql([]); + expect(s?.signal.rule.severity_mapping).eql([ { field: 'my_severity', operator: 'equals', value: 'sev_900', severity: 'high' }, { field: 'my_severity', operator: 'equals', value: 'sev_max', severity: 'critical' }, ]); 
@@ -1498,8 +1526,8 @@ export default ({ getService }: FtrProviderContext) => { const signals = await executeRuleAndGetSignals(rule); const riskScores = signals.map((s) => ({ - id: s.signal.parent?.id, - value: s.signal.rule.risk_score, + id: s?.signal.parent?.id, + value: s?.signal.rule.risk_score, })); expect(signals.length).equal(4); @@ -1511,9 +1539,9 @@ export default ({ getService }: FtrProviderContext) => { ]); signals.forEach((s) => { - expect(s.signal.rule.severity).equal('medium'); - expect(s.signal.rule.severity_mapping).eql([]); - expect(s.signal.rule.risk_score_mapping).eql([ + expect(s?.signal.rule.severity).equal('medium'); + expect(s?.signal.rule.severity_mapping).eql([]); + expect(s?.signal.rule.risk_score_mapping).eql([ { field: 'my_risk', operator: 'equals', value: '' }, ]); }); @@ -1535,9 +1563,9 @@ export default ({ getService }: FtrProviderContext) => { const signals = await executeRuleAndGetSignals(rule); const values = signals.map((s) => ({ - id: s.signal.parent?.id, - severity: s.signal.rule.severity, - risk: s.signal.rule.risk_score, + id: s?.signal.parent?.id, + severity: s?.signal.rule.severity, + risk: s?.signal.rule.risk_score, })); expect(signals.length).equal(4); @@ -1549,11 +1577,11 @@ export default ({ getService }: FtrProviderContext) => { ]); signals.forEach((s) => { - expect(s.signal.rule.severity_mapping).eql([ + expect(s?.signal.rule.severity_mapping).eql([ { field: 'my_severity', operator: 'equals', value: 'sev_900', severity: 'high' }, { field: 'my_severity', operator: 'equals', value: 'sev_max', severity: 'critical' }, ]); - expect(s.signal.rule.risk_score_mapping).eql([ + expect(s?.signal.rule.risk_score_mapping).eql([ { field: 'my_risk', operator: 'equals', value: '' }, ]); }); 
@@ -1587,6 +1615,9 @@ export default ({ getService }: FtrProviderContext) => { const signals = signalsResponse.hits.hits.map((hit) => hit._source); const signalsOrderedByEventId = orderBy(signals, 'signal.parent.id', 'asc'); const fullSignal = signalsOrderedByEventId[0]; + if (!fullSignal) { + return expect(fullSignal).to.be.ok(); + } expect(fullSignal).eql({ '@timestamp': fullSignal['@timestamp'], diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/keyword_family/const_keyword.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/keyword_family/const_keyword.ts index 7d1a4d01fe27c..356234d61173d 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/keyword_family/const_keyword.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/keyword_family/const_keyword.ts @@ -72,7 +72,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForSignalsToBePresent(supertest, 4, [id]); const signalsOpen = await getSignalsById(supertest, id); const hits = signalsOpen.hits.hits - .map((hit) => (hit._source.event as EventModule).dataset) + .map((hit) => (hit._source?.event as EventModule).dataset) .sort(); expect(hits).to.eql([ 'dataset_name_1', @@ -108,7 +108,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForSignalsToBePresent(supertest, 4, [id]); const signalsOpen = await getSignalsById(supertest, id); const hits = signalsOpen.hits.hits - .map((hit) => (hit._source.event as EventModule).dataset) + .map((hit) => (hit._source?.event as EventModule).dataset) .sort(); expect(hits).to.eql([ 'dataset_name_1', 
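Review bot: In the const_keyword.ts hunks, `(hit._source?.event as EventModule).dataset` casts a possibly undefined value to `EventModule`, so the optional chain only satisfies the compiler: a hit without `_source` still throws a TypeError on `.dataset` instead of failing an assertion. The same cast appears in keyword.ts and keyword_mixed_with_const.ts, and with `Runtime` in runtime.ts. Asserting presence first, as generating_signals.ts does with `expect(...).to.be.ok()`, would make that failure explicit. Extending the chain to `?.dataset` or `?.hostname` is not a substitute in the runtime.ts test that expects `undefined` values, because an absent `_source` would then satisfy the expectation.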
@@ -133,7 +133,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForSignalsToBePresent(supertest, 1, [id]); const signalsOpen = await getSignalsById(supertest, id); const hits = signalsOpen.hits.hits - .map((hit) => hit._source.signal.threshold_result ?? null) + .map((hit) => hit._source?.signal.threshold_result ?? null) .sort(); expect(hits).to.eql([ { diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/keyword_family/keyword.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/keyword_family/keyword.ts index fba13c95c66ac..59940bc0c4fd7 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/keyword_family/keyword.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/keyword_family/keyword.ts @@ -59,7 +59,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForSignalsToBePresent(supertest, 4, [id]); const signalsOpen = await getSignalsById(supertest, id); const hits = signalsOpen.hits.hits - .map((hit) => (hit._source.event as EventModule).dataset) + .map((hit) => (hit._source?.event as EventModule).dataset) .sort(); expect(hits).to.eql([ 'dataset_name_1', @@ -82,7 +82,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForSignalsToBePresent(supertest, 4, [id]); const signalsOpen = await getSignalsById(supertest, id); const hits = signalsOpen.hits.hits - .map((hit) => (hit._source.event as EventModule).dataset) + .map((hit) => (hit._source?.event as EventModule).dataset) .sort(); expect(hits).to.eql([ 'dataset_name_1', @@ -107,7 +107,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForSignalsToBePresent(supertest, 1, [id]); const signalsOpen = await getSignalsById(supertest, id); const hits = signalsOpen.hits.hits - .map((hit) => hit._source.signal.threshold_result ?? null) + .map((hit) => hit._source?.signal.threshold_result ?? null) .sort(); expect(hits).to.eql([ { 
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/keyword_family/keyword_mixed_with_const.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/keyword_family/keyword_mixed_with_const.ts index 2a354a83a10ae..9c32063c4378b 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/keyword_family/keyword_mixed_with_const.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/keyword_family/keyword_mixed_with_const.ts @@ -73,7 +73,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForSignalsToBePresent(supertest, 8, [id]); const signalsOpen = await getSignalsById(supertest, id); const hits = signalsOpen.hits.hits - .map((hit) => (hit._source.event as EventModule).dataset) + .map((hit) => (hit._source?.event as EventModule).dataset) .sort(); expect(hits).to.eql([ 'dataset_name_1', @@ -113,7 +113,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForSignalsToBePresent(supertest, 8, [id]); const signalsOpen = await getSignalsById(supertest, id); const hits = signalsOpen.hits.hits - .map((hit) => (hit._source.event as EventModule).dataset) + .map((hit) => (hit._source?.event as EventModule).dataset) .sort(); expect(hits).to.eql([ 'dataset_name_1', @@ -146,7 +146,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForSignalsToBePresent(supertest, 1, [id]); const signalsOpen = await getSignalsById(supertest, id); const hits = signalsOpen.hits.hits - .map((hit) => hit._source.signal.threshold_result ?? null) + .map((hit) => hit._source?.signal.threshold_result ?? null) .sort(); expect(hits).to.eql([ { diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/open_close_signals.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/open_close_signals.ts index d56463770e84f..6768a76d85d45 100644 
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/open_close_signals.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/open_close_signals.ts @@ -6,8 +6,8 @@ */ import expect from '@kbn/expect'; +import type { estypes } from '@elastic/elasticsearch'; -import { SearchResponse } from 'elasticsearch'; import { Signal } from '../../../../plugins/security_solution/server/lib/detection_engine/signals/types'; import { DETECTION_ENGINE_SIGNALS_STATUS_URL, @@ -95,11 +95,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForSignalsToBePresent(supertest, 10, [id]); const signalsOpen = await getSignalsByIds(supertest, [id]); const everySignalOpen = signalsOpen.hits.hits.every( - ({ - _source: { - signal: { status }, - }, - }) => status === 'open' + (hit) => hit._source?.signal?.status === 'open' ); expect(everySignalOpen).to.eql(true); }); @@ -123,7 +119,7 @@ export default ({ getService }: FtrProviderContext) => { const { body: signalsClosed, - }: { body: SearchResponse<{ signal: Signal }> } = await supertest + }: { body: estypes.SearchResponse<{ signal: Signal }> } = await supertest .post(DETECTION_ENGINE_QUERY_SIGNALS_URL) .set('kbn-xsrf', 'true') .send(getQuerySignalIds(signalIds)) @@ -150,18 +146,14 @@ export default ({ getService }: FtrProviderContext) => { const { body: signalsClosed, - }: { body: SearchResponse<{ signal: Signal }> } = await supertest + }: { body: estypes.SearchResponse<{ signal: Signal }> } = await supertest .post(DETECTION_ENGINE_QUERY_SIGNALS_URL) .set('kbn-xsrf', 'true') .send(getQuerySignalIds(signalIds)) .expect(200); const everySignalClosed = signalsClosed.hits.hits.every( - ({ - _source: { - signal: { status }, - }, - }) => status === 'closed' + (hit) => hit._source?.signal?.status === 'closed' ); expect(everySignalClosed).to.eql(true); }); 
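Review bot: `signalsClosed.hits.hits.every((hit) => hit._source?.signal?.status === 'closed')` is true for an empty `hits` array, so in the hunks that query `DETECTION_ENGINE_QUERY_SIGNALS_URL` the status check passes if the query returns nothing. No length check is visible in these hunks, though the test bodies start outside them, so one may exist earlier. If there is none, an assertion such as `expect(signalsClosed.hits.hits.length).to.equal(10);` before the `every` call would close the gap. The count is taken from the `waitForSignalsToBePresent(supertest, 10, [id])` call in the first hunk and should be confirmed per test. The same applies to the two open_close_signals.ts hunks that follow.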
@@ -188,20 +180,16 @@ export default ({ getService }: FtrProviderContext) => { // to allow a check that the signals were NOT closed with t1 analyst const { body: signalsClosed, - }: { body: SearchResponse<{ signal: Signal }> } = await supertest + }: { body: estypes.SearchResponse<{ signal: Signal }> } = await supertest .post(DETECTION_ENGINE_QUERY_SIGNALS_URL) .set('kbn-xsrf', 'true') .send(getQuerySignalIds(signalIds)) .expect(200); - const everySignalOpen = signalsClosed.hits.hits.every( - ({ - _source: { - signal: { status }, - }, - }) => status === 'closed' + const everySignalClosed = signalsClosed.hits.hits.every( + (hit) => hit._source?.signal?.status === 'closed' ); - expect(everySignalOpen).to.eql(true); + expect(everySignalClosed).to.eql(true); await deleteUserAndRole(getService, ROLES.t1_analyst); }); @@ -227,18 +215,14 @@ export default ({ getService }: FtrProviderContext) => { const { body: signalsClosed, - }: { body: SearchResponse<{ signal: Signal }> } = await supertest + }: { body: estypes.SearchResponse<{ signal: Signal }> } = await supertest .post(DETECTION_ENGINE_QUERY_SIGNALS_URL) .set('kbn-xsrf', 'true') .send(getQuerySignalIds(signalIds)) .expect(200); const everySignalClosed = signalsClosed.hits.hits.every( - ({ - _source: { - signal: { status }, - }, - }) => status === 'closed' + (hit) => hit._source?.signal?.status === 'closed' ); expect(everySignalClosed).to.eql(true); diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/runtime.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/runtime.ts index 0015a41f911d4..2b7c38c775365 100644 --- a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/runtime.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/runtime.ts 
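Review bot: The renamed `everySignalClosed` assertion in the hunk at -188 requires every signal to be `'closed'`, while the context comment just above says the superuser query exists "to allow a check that the signals were NOT closed with t1 analyst". One of the two is stale. If the role is meant to be denied, the callback should check that the status is unchanged (`hit._source?.signal?.status === 'open'`); if the role may close signals, the comment should say so, e.g. `// to confirm the signals were closed by the t1_analyst request`. The test title and the status-update request are outside the hunk, so the intended behaviour cannot be confirmed from here. Because this is the role-permission case, the rename is a good moment to make the comment and the expectation agree.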
@@ -47,7 +47,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 4, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((signal) => (signal._source.host as Runtime).name); + const hits = signalsOpen.hits.hits.map((signal) => (signal._source?.host as Runtime).name); expect(hits).to.eql(['host name 1', 'host name 2', 'host name 3', 'host name 4']); }); @@ -58,7 +58,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForSignalsToBePresent(supertest, 4, [id]); const signalsOpen = await getSignalsById(supertest, id); const hits = signalsOpen.hits.hits.map( - (signal) => (signal._source.host as Runtime).hostname + (signal) => (signal._source?.host as Runtime).hostname ); expect(hits).to.eql(['host name 1', 'host name 2', 'host name 3', 'host name 4']); }); @@ -91,7 +91,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 4, [id]); const signalsOpen = await getSignalsById(supertest, id); - const hits = signalsOpen.hits.hits.map((signal) => signal._source.host); + const hits = signalsOpen.hits.hits.map((signal) => signal._source?.host); expect(hits).to.eql([ [ { @@ -140,7 +140,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForSignalsToBePresent(supertest, 4, [id]); const signalsOpen = await getSignalsById(supertest, id); const hits = signalsOpen.hits.hits.map( - (signal) => (signal._source.host as Runtime).hostname + (signal) => (signal._source?.host as Runtime).hostname ); expect(hits).to.eql([undefined, undefined, undefined, undefined]); }); diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/timestamps.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/timestamps.ts index 2c304803ded89..28a2e6b4dbd5c 100644 
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/timestamps.ts +++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/timestamps.ts @@ -65,7 +65,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 1, [id]); const signalsOpen = await getSignalsByIds(supertest, [id]); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.signal.original_time).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.signal.original_time).sort(); expect(hits).to.eql(['2021-06-02T23:33:15.000Z']); }); @@ -78,7 +78,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 1, [id]); const signalsOpen = await getSignalsByIds(supertest, [id]); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.signal.original_time).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.signal.original_time).sort(); expect(hits).to.eql(['2020-12-16T15:16:18.000Z']); }); }); @@ -90,7 +90,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 1, [id]); const signalsOpen = await getSignalsByIds(supertest, [id]); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.signal.original_time).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.signal.original_time).sort(); expect(hits).to.eql(['2021-06-02T23:33:15.000Z']); }); 
@@ -103,7 +103,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForRuleSuccessOrStatus(supertest, id); await waitForSignalsToBePresent(supertest, 1, [id]); const signalsOpen = await getSignalsByIds(supertest, [id]); - const hits = signalsOpen.hits.hits.map((hit) => hit._source.signal.original_time).sort(); + const hits = signalsOpen.hits.hits.map((hit) => hit._source?.signal.original_time).sort(); expect(hits).to.eql(['2020-12-16T15:16:18.000Z']); }); }); @@ -215,7 +215,7 @@ export default ({ getService }: FtrProviderContext) => { await waitForSignalsToBePresent(supertest, 1, [id]); const signalsResponse = await getSignalsByIds(supertest, [id, id]); const hits = signalsResponse.hits.hits - .map((hit) => hit._source.signal.original_time) + .map((hit) => hit._source?.signal.original_time) .sort(); expect(hits).to.eql([undefined]); }); diff --git a/x-pack/test/detection_engine_api_integration/utils.ts b/x-pack/test/detection_engine_api_integration/utils.ts index f8989c685c82c..bd2ce12b6dcbe 100644 --- a/x-pack/test/detection_engine_api_integration/utils.ts +++ b/x-pack/test/detection_engine_api_integration/utils.ts @@ -7,11 +7,11 @@ import { KbnClient } from '@kbn/test'; import type { ApiResponse } from '@elastic/elasticsearch'; +import { Context } from '@elastic/elasticsearch/lib/Transport'; +import type { estypes } from '@elastic/elasticsearch'; import type { KibanaClient } from '@elastic/elasticsearch/api/kibana'; import { SuperTest } from 'supertest'; import supertestAsPromised from 'supertest-as-promised'; -import { Context } from '@elastic/elasticsearch/lib/Transport'; -import { SearchResponse } from 'elasticsearch'; import type { ListArray, NonEmptyEntriesArray, 
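Review bot: In the timestamps.ts hunk at -215, `hit._source?.signal.original_time` evaluates to `undefined` when `_source` is missing, which is exactly what `expect(hits).to.eql([undefined])` expects. The test can therefore no longer tell "signal has no original_time" from "hit has no `_source`"; before this change a missing `_source` would have thrown. Asserting presence ahead of the `map` keeps the original meaning: `expect(signalsResponse.hits.hits.every((hit) => hit._source != null)).to.eql(true);`. The other `original_time` hunks in this file compare against a timestamp string and are not affected.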
@@ -1079,12 +1079,14 @@ export const getSignalsByRuleIds = async ( supertest: SuperTest, ruleIds: string[] ): Promise< - SearchResponse<{ + estypes.SearchResponse<{ signal: Signal; [x: string]: unknown; }> > => { - const { body: signalsOpen }: { body: SearchResponse<{ signal: Signal }> } = await supertest + const { + body: signalsOpen, + }: { body: estypes.SearchResponse<{ signal: Signal }> } = await supertest .post(DETECTION_ENGINE_QUERY_SIGNALS_URL) .set('kbn-xsrf', 'true') .send(getQuerySignalsRuleId(ruleIds)) @@ -1103,12 +1105,14 @@ export const getSignalsByIds = async ( ids: string[], size?: number ): Promise< - SearchResponse<{ + estypes.SearchResponse<{ signal: Signal; [x: string]: unknown; }> > => { - const { body: signalsOpen }: { body: SearchResponse<{ signal: Signal }> } = await supertest + const { + body: signalsOpen, + }: { body: estypes.SearchResponse<{ signal: Signal }> } = await supertest .post(DETECTION_ENGINE_QUERY_SIGNALS_URL) .set('kbn-xsrf', 'true') .send(getQuerySignalsId(ids, size)) @@ -1125,12 +1129,14 @@ export const getSignalsById = async ( supertest: SuperTest, id: string ): Promise< - SearchResponse<{ + estypes.SearchResponse<{ signal: Signal; [x: string]: unknown; }> > => { - const { body: signalsOpen }: { body: SearchResponse<{ signal: Signal }> } = await supertest + const { + body: signalsOpen, + }: { body: estypes.SearchResponse<{ signal: Signal }> } = await supertest .post(DETECTION_ENGINE_QUERY_SIGNALS_URL) .set('kbn-xsrf', 'true') .send(getQuerySignalsId([id]))
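Review bot: The helpers in the hunks at -1079 and -1103 (`getSignalsByRuleIds`, `getSignalsByIds`) each spell out the response type twice, and the two spellings differ: the return type carries `[x: string]: unknown` while the `body` annotation is `estypes.SearchResponse<{ signal: Signal }>` without it. A single alias, `type SignalsResponse = estypes.SearchResponse<{ signal: Signal; [x: string]: unknown }>;`, used for both the `Promise<...>` return and the `body` annotation would keep them in step and avoid the reflowed destructuring. The annotation on `body` is not checked against the HTTP response at runtime, so callers still need the `_source` guards added elsewhere in this patch. The `getSignalsById` hunk at -1125 has the same shape but continues past the end of this view.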