updated to remove default of note to empty string, updated tests

x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/schemas/add_prepackaged_rules_schema.ts

@@ -80,6 +80,6 @@ export const addPrepackagedRulesSchema = Joi.object({
   type: type.required(),
   threat: threat.default([]),
   references: references.default([]),
-  note: note.default('').default(''),
+  note: note.allow(''),
   version: version.required(),
 });

x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/schemas/create_rules_bulk_schema.test.ts

@@ -142,7 +142,7 @@ describe('create_rules_bulk_schema', () => {
     );
   });
 
-  test('The default for "note" will be empty string', () => {
+  test('You can set "note" to a string', () => {
     expect(
       createRulesBulkSchema.validate<Partial<PatchRuleAlertParamsRest>>([
         {
@@ -156,10 +156,32 @@ describe('create_rules_bulk_schema', () => {
           query: 'some query',
           language: 'kuery',
           max_signals: 1,
+          note: '# test markdown',
           version: 1,
         },
-      ]).value[0].note
-    ).toEqual('');
+      ]).error
+    ).toBeFalsy();
+  });
+
+  test('You can set "note" to an empty string', () => {
+    expect(
+      createRulesBulkSchema.validate<Partial<PatchRuleAlertParamsRest>>([
+        {
+          rule_id: 'rule-1',
+          risk_score: 50,
+          description: 'some description',
+          name: 'some-name',
+          severity: 'low',
+          type: 'query',
+          references: ['index-1'],
+          query: 'some query',
+          language: 'kuery',
+          max_signals: 1,
+          note: '',
+          version: 1,
+        },
+      ]).error
+    ).toBeFalsy();
   });
 
   test('You cannot set "note" to anything other than string', () => {

x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/schemas/create_rules_schema.test.ts

@@ -1249,6 +1249,29 @@ describe('create rules schema', () => {
       ).toBeFalsy();
     });
 
+    test('You can set note to an emtpy string', () => {
+      expect(
+        createRulesSchema.validate<Partial<RuleAlertParamsRest>>({
+          rule_id: 'rule-1',
+          output_index: '.siem-signals',
+          risk_score: 50,
+          description: 'some description',
+          from: 'now-5m',
+          to: 'now',
+          index: ['index-1'],
+          name: 'some-name',
+          severity: 'low',
+          interval: '5m',
+          type: 'query',
+          references: ['index-1'],
+          query: 'some query',
+          language: 'kuery',
+          max_signals: 1,
+          note: '',
+        }).error
+      ).toBeFalsy();
+    });
+
     test('You cannot create note as an object', () => {
       expect(
         createRulesSchema.validate<Partial<Omit<RuleAlertParamsRest, 'note'> & { note: object }>>({

x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/schemas/create_rules_schema.ts

@@ -68,6 +68,6 @@ export const createRulesSchema = Joi.object({
   type: type.required(),
   threat: threat.default([]),
   references: references.default([]),
-  note: note.allow('').default(''),
+  note: note.allow(''),
   version: version.default(1),
 });

x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/schemas/import_rules_schema.test.ts

@@ -1479,6 +1479,33 @@ describe('import rules schema', () => {
       ).toBeFalsy();
     });
 
+    test('You cannot create note set to null', () => {
+      expect(
+        importRulesSchema.validate<Partial<ImportRuleAlertRest>>({
+          rule_id: 'rule-1',
+          output_index: '.siem-signals',
+          risk_score: 50,
+          description: 'some description',
+          from: 'now-5m',
+          to: 'now',
+          immutable: false,
+          index: ['index-1'],
+          name: 'some-name',
+          severity: 'low',
+          interval: '5m',
+          type: 'query',
+          references: ['index-1'],
+          query: 'some query',
+          language: 'kuery',
+          max_signals: 1,
+          meta: {
+            somethingMadeUp: { somethingElse: true },
+          },
+          note: null,
+        }).error.message
+      ).toEqual('child "note" fails because ["note" must be a string]');
+    });
+
     test('You cannot create note as something other than a string', () => {
       expect(
         importRulesSchema.validate<Partial<Omit<ImportRuleAlertRest, 'note'> & { note: object }>>({

x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/schemas/import_rules_schema.ts

@@ -85,7 +85,7 @@ export const importRulesSchema = Joi.object({
   type: type.required(),
   threat: threat.default([]),
   references: references.default([]),
-  note: note.allow('').default(''),
+  note: note.allow(''),
   version: version.default(1),
   created_at,
   updated_at,

x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/schemas/update_rules_schema.test.ts

@@ -1268,6 +1268,53 @@ describe('create rules schema', () => {
       ).toBeFalsy();
     });
 
+    test('You can set note to an empty string', () => {
+      expect(
+        updateRulesSchema.validate<Partial<RuleAlertParamsRest>>({
+          rule_id: 'rule-1',
+          output_index: '.siem-signals',
+          risk_score: 50,
+          description: 'some description',
+          from: 'now-5m',
+          to: 'now',
+          index: ['index-1'],
+          name: 'some-name',
+          severity: 'low',
+          interval: '5m',
+          type: 'query',
+          references: ['index-1'],
+          query: 'some query',
+          language: 'kuery',
+          max_signals: 1,
+          note: '',
+        }).error
+      ).toBeFalsy();
+    });
+
+    // Note: If you're looking to remove `note`, omit `note` entirely
+    test('You cannot set note to null', () => {
+      expect(
+        updateRulesSchema.validate<Partial<RuleAlertParamsRest>>({
+          rule_id: 'rule-1',
+          output_index: '.siem-signals',
+          risk_score: 50,
+          description: 'some description',
+          from: 'now-5m',
+          to: 'now',
+          index: ['index-1'],
+          name: 'some-name',
+          severity: 'low',
+          interval: '5m',
+          type: 'query',
+          references: ['index-1'],
+          query: 'some query',
+          language: 'kuery',
+          max_signals: 1,
+          note: null,
+        }).error.message
+      ).toEqual('child "note" fails because ["note" must be a string]');
+    });
+
     test('You cannot set note as an object', () => {
       expect(
         updateRulesSchema.validate<Partial<Omit<RuleAlertParamsRest, 'note'> & { note: object }>>({

x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/schemas/update_rules_schema.ts

@@ -77,6 +77,6 @@ export const updateRulesSchema = Joi.object({
   type: type.required(),
   threat: threat.default([]),
   references: references.default([]),
-  note: note.allow('').default(''),
+  note: note.allow(''),
   version,
 }).xor('id', 'rule_id');

x-pack/legacy/plugins/siem/server/lib/detection_engine/rules/create_rules_stream_from_ndjson.test.ts

@@ -69,7 +69,6 @@ describe('create_rules_stream_from_ndjson', () => {
           tags: [],
           threat: [],
           references: [],
-          note: '',
           version: 1,
         },
         {
@@ -93,7 +92,6 @@ describe('create_rules_stream_from_ndjson', () => {
           tags: [],
           threat: [],
           references: [],
-          note: '',
           version: 1,
         },
       ]);
@@ -155,7 +153,6 @@ describe('create_rules_stream_from_ndjson', () => {
           tags: [],
           threat: [],
           references: [],
-          note: '',
           version: 1,
         },
         {
@@ -179,7 +176,6 @@ describe('create_rules_stream_from_ndjson', () => {
           tags: [],
           threat: [],
           references: [],
-          note: '',
           version: 1,
         },
       ]);
@@ -224,7 +220,6 @@ describe('create_rules_stream_from_ndjson', () => {
           tags: [],
           threat: [],
           references: [],
-          note: '',
           version: 1,
         },
         {
@@ -248,7 +243,6 @@ describe('create_rules_stream_from_ndjson', () => {
           tags: [],
           threat: [],
           references: [],
-          note: '',
           version: 1,
         },
       ]);
@@ -293,7 +287,6 @@ describe('create_rules_stream_from_ndjson', () => {
         tags: [],
         threat: [],
         references: [],
-        note: '',
         version: 1,
       });
       expect(resultOrError[1].message).toEqual('Unexpected token , in JSON at position 1');
@@ -318,7 +311,6 @@ describe('create_rules_stream_from_ndjson', () => {
         tags: [],
         threat: [],
         references: [],
-        note: '',
         version: 1,
       });
     });
@@ -362,7 +354,6 @@ describe('create_rules_stream_from_ndjson', () => {
         tags: [],
         threat: [],
         references: [],
-        note: '',
         version: 1,
       });
       expect(resultOrError[1].message).toEqual(
@@ -389,7 +380,6 @@ describe('create_rules_stream_from_ndjson', () => {
         tags: [],
         threat: [],
         references: [],
-        note: '',
         version: 1,
       });
     });

x-pack/test/detection_engine_api_integration/security_and_spaces/tests/utils.ts

@@ -286,6 +286,7 @@ export const getComplexRule = (ruleId = 'rule-1'): Partial<OutputRuleAlertRest>
   ],
   timeline_id: 'timeline_id',
   timeline_title: 'timeline_title',
+  note: '# some investigation documentation',
   version: 1,
   query: 'user.name: root or user.name: admin',
 });