diff --git a/x-pack/plugins/security_solution/cypress/integration/detection_alerts/building_block_alerts.spec.ts b/x-pack/plugins/security_solution/cypress/integration/detection_alerts/building_block_alerts.spec.ts
index 262ffe8163e5..94418e61b405 100644
--- a/x-pack/plugins/security_solution/cypress/integration/detection_alerts/building_block_alerts.spec.ts
+++ b/x-pack/plugins/security_solution/cypress/integration/detection_alerts/building_block_alerts.spec.ts
@@ -8,19 +8,23 @@
 import { getBuildingBlockRule } from '../../objects/rule';
 import { OVERVIEW_ALERTS_HISTOGRAM } from '../../screens/overview';
 import { OVERVIEW } from '../../screens/security_header';
+import { waitForAlertsIndexToBeCreated, waitForAlertsPanelToBeLoaded } from '../../tasks/alerts';
 import { goToRuleDetails } from '../../tasks/alerts_detection_rules';
 import { createCustomRuleActivated } from '../../tasks/api_calls/rules';
 import { cleanKibana } from '../../tasks/common';
 import { waitForAlertsToPopulate, waitForTheRuleToBeExecuted } from '../../tasks/create_new_rule';
-import { loginAndWaitForPage } from '../../tasks/login';
+import { loginAndWaitForPage, loginAndWaitForPageWithoutDateRange } from '../../tasks/login';
 import { navigateFromHeaderTo } from '../../tasks/security_header';
-import { DETECTIONS_RULE_MANAGEMENT_URL } from '../../urls/navigation';
+import { ALERTS_URL, DETECTIONS_RULE_MANAGEMENT_URL } from '../../urls/navigation';
 const EXPECTED_NUMBER_OF_ALERTS = 16;
 describe('Alerts generated by building block rules', () => {
 beforeEach(() => {
 cleanKibana();
+ loginAndWaitForPageWithoutDateRange(ALERTS_URL);
+ waitForAlertsPanelToBeLoaded();
+ waitForAlertsIndexToBeCreated();
 });
 it('Alerts should be visible on the Rule Detail page and not visible on the Overview page', () => {
diff --git a/x-pack/plugins/security_solution/server/config.ts b/x-pack/plugins/security_solution/server/config.ts
index e0b8ad883f4a..61cbb5641c5f 100644
--- a/x-pack/plugins/security_solution/server/config.ts
+++ b/x-pack/plugins/security_solution/server/config.ts
@@ -112,7 +112,7 @@ export const configSchema = schema.object({
 schema.literal(UnderlyingLogClient.eventLog),
 schema.literal(UnderlyingLogClient.savedObjects),
 ],
- { defaultValue: UnderlyingLogClient.savedObjects }
+ { defaultValue: UnderlyingLogClient.eventLog }
 ),
 }),
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_execution_log/event_log_adapter/constants.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_execution_log/event_log_adapter/constants.ts
index f09eb43bf15f..55624b56e39a 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_execution_log/event_log_adapter/constants.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_execution_log/event_log_adapter/constants.ts
@@ -5,7 +5,7 @@
 * 2.0.
 */
-export const RULE_EXECUTION_LOG_PROVIDER = 'rule-execution.security';
+export const RULE_EXECUTION_LOG_PROVIDER = 'securitySolution.ruleExecution';
 export const ALERT_SAVED_OBJECT_TYPE = 'alert';
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_execution_log/saved_objects_adapter/rule_status_saved_objects_client.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_execution_log/saved_objects_adapter/rule_status_saved_objects_client.ts
index 66b646e96ea5..0026bba24eeb 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_execution_log/saved_objects_adapter/rule_status_saved_objects_client.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_execution_log/saved_objects_adapter/rule_status_saved_objects_client.ts
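Review bot: The new default in `server/config.ts`, `{ defaultValue: UnderlyingLogClient.eventLog }`, silently switches the log client for every deployment that never set this option, and the line carries no comment saying so. The hunk does not show whether statuses previously written through the `savedObjects` client stay readable after the switch; that is worth confirming, because missing rule failure history can hide a detection gap. I would add above the default `// eventLog is the default; set savedObjects explicitly to keep the legacy status storage`. The surrounding `configSchema` object starts and ends outside the hunk.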
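Review bot: `RULE_EXECUTION_LOG_PROVIDER` in `event_log_adapter/constants.ts` now holds `'securitySolution.ruleExecution'`, so events already written under `'rule-execution.security'` would not match a query keyed on the constant. Whether any reader filters by provider is not visible here; if one does, the transition needs either a query over both values or an explicit statement that older events are dropped from view. A one-line comment on the constant, `// Changing this value orphans events written under the previous provider name`, would record the constraint.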
@@ -21,7 +21,7 @@ import { IRuleStatusSOAttributes } from '../../rules/types';
 export interface RuleStatusSavedObjectsClient {
 find: (
- options?: Omit
+ options: Omit & { ruleId: string }
 ) => Promise>>;
 findBulk: (ids: string[], statusesPerId: number) => Promise;
 create: (
@@ -47,9 +47,14 @@ export const ruleStatusSavedObjectsClientFactory = (
 savedObjectsClient: SavedObjectsClientContract
 ): RuleStatusSavedObjectsClient => ({
 find: async (options) => {
+ const references = {
+ id: options.ruleId,
+ type: 'alert',
+ };
 const result = await savedObjectsClient.find({
 ...options,
 type: legacyRuleStatusSavedObjectType,
+ hasReference: references,
 });
 return result.saved_objects;
 },
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_execution_log/saved_objects_adapter/saved_objects_adapter.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_execution_log/saved_objects_adapter/saved_objects_adapter.ts
index 9db7afce62ee..70db3a768fdb 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_execution_log/saved_objects_adapter/saved_objects_adapter.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_execution_log/saved_objects_adapter/saved_objects_adapter.ts
@@ -53,8 +53,7 @@ export class SavedObjectsAdapter implements IRuleExecutionLogClient {
 perPage: logsCount,
 sortField: 'statusDate',
 sortOrder: 'desc',
- search: ruleId,
- searchFields: ['references.id'],
+ ruleId,
 });
 }
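Review bot: In the `find` implementation of `ruleStatusSavedObjectsClientFactory`, `...options` still forwards `ruleId` into `savedObjectsClient.find`, although the interface hunk above adds it only as an extra field via `& { ruleId: string }`. Split it off before the call, `const { ruleId, ...findOptions } = options;`, then spread `...findOptions` and build the reference with `id: ruleId`. The literal `type: 'alert'` repeats the value of `ALERT_SAVED_OBJECT_TYPE` shown in `event_log_adapter/constants.ts` in this same diff; sharing one constant would keep the reference type from drifting. The factory's object literal continues past the end of the hunk.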